X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=ofproto%2Fofproto-dpif.c;h=2307577a600b62df89a18be2037e34cd2a6f2630;hb=ec9f40dce11c7e81bc41d42e3bbfaaf8287165ce;hp=062cfc2bc2da0453f5cd8d9cb4063424a8d3c03c;hpb=ac35f9c8d84e1ce3d2ef2323e5e72fef61c9be8c;p=sliver-openvswitch.git diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index 062cfc2bc..2307577a6 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -20,6 +20,7 @@ #include +#include "bfd.h" #include "bond.h" #include "bundle.h" #include "byte-order.h" @@ -46,6 +47,7 @@ #include "ofp-parse.h" #include "ofp-print.h" #include "ofproto-dpif-governor.h" +#include "ofproto-dpif-ipfix.h" #include "ofproto-dpif-sflow.h" #include "poll-loop.h" #include "simap.h" @@ -117,9 +119,9 @@ static struct rule_dpif *rule_dpif_lookup__(struct ofproto_dpif *, static struct rule_dpif *rule_dpif_miss_rule(struct ofproto_dpif *ofproto, const struct flow *flow); +static void rule_get_stats(struct rule *, uint64_t *packets, uint64_t *bytes); static void rule_credit_stats(struct rule_dpif *, const struct dpif_flow_stats *); -static void flow_push_stats(struct facet *, const struct dpif_flow_stats *); static tag_type rule_calculate_tag(const struct flow *, const struct minimask *, uint32_t basis); static void rule_invalidate(const struct rule_dpif *); @@ -206,20 +208,44 @@ static int set_stp_port(struct ofport *, static bool ofbundle_includes_vlan(const struct ofbundle *, uint16_t vlan); -struct action_xlate_ctx { -/* action_xlate_ctx_init() initializes these members. */ +struct xlate_ctx; + +/* Initial values of fields of the packet that may be changed during + * flow processing and needed later. */ +struct initial_vals { + /* This is the value of vlan_tci in the packet as actually received from + * dpif. This is the same as the facet's flow.vlan_tci unless the packet + * was received via a VLAN splinter. In that case, this value is 0 + * (because the packet as actually received from the dpif had no 802.1Q + * tag) but the facet's flow.vlan_tci is set to the VLAN that the splinter + * represents. + * + * This member should be removed when the VLAN splinters feature is no + * longer needed. */ + ovs_be16 vlan_tci; +}; + +struct xlate_out { + tag_type tags; /* Tags associated with actions. */ + enum slow_path_reason slow; /* 0 if fast path may be used. */ + bool has_learn; /* Actions include NXAST_LEARN? */ + bool has_normal; /* Actions output to OFPP_NORMAL? */ + bool has_fin_timeout; /* Actions include NXAST_FIN_TIMEOUT? */ + uint16_t nf_output_iface; /* Output interface index for NetFlow. */ + mirror_mask_t mirrors; /* Bitmap of associated mirrors. */ + + uint64_t odp_actions_stub[256 / 8]; + struct ofpbuf odp_actions; +}; - /* The ofproto. */ +struct xlate_in { struct ofproto_dpif *ofproto; /* Flow to which the OpenFlow actions apply. xlate_actions() will modify * this flow when actions change header fields. */ struct flow flow; - /* stack for the push and pop actions. - * Each stack element is of the type "union mf_subvalue". */ - struct ofpbuf stack; - union mf_subvalue init_stack[1024 / sizeof(union mf_subvalue)]; + struct initial_vals initial_vals; /* The packet corresponding to 'flow', or a null pointer if we are * revalidating without a packet to refer to. */ @@ -233,9 +259,13 @@ struct action_xlate_ctx { * not if we are just revalidating. */ bool may_learn; - /* The rule that we are currently translating, or NULL. */ + /* The rule initiating translation or NULL. */ struct rule_dpif *rule; + /* The actions to translate. If 'rule' is not NULL, these may be NULL. */ + const struct ofpact *ofpacts; + size_t ofpacts_len; + /* Union of the set of TCP flags seen so far in this flow. (Used only by * NXAST_FIN_TIMEOUT. Set to zero to avoid updating updating rules' * timeouts.) */ @@ -249,39 +279,50 @@ struct action_xlate_ctx { * resubmit or OFPP_TABLE action didn't find a matching rule. * * This is normally null so the client has to set it manually after - * calling action_xlate_ctx_init(). */ - void (*resubmit_hook)(struct action_xlate_ctx *, struct rule_dpif *rule); + * calling xlate_in_init(). */ + void (*resubmit_hook)(struct xlate_ctx *, struct rule_dpif *rule); /* If nonnull, flow translation calls this function to report some * significant decision, e.g. to explain why OFPP_NORMAL translation * dropped a packet. */ - void (*report_hook)(struct action_xlate_ctx *, const char *s); + void (*report_hook)(struct xlate_ctx *, const char *s); /* If nonnull, flow translation credits the specified statistics to each * rule reached through a resubmit or OFPP_TABLE action. * * This is normally null so the client has to set it manually after - * calling action_xlate_ctx_init(). */ + * calling xlate_in_init(). */ const struct dpif_flow_stats *resubmit_stats; +}; -/* xlate_actions() initializes and uses these members. The client might want - * to look at them after it returns. */ +/* Context used by xlate_actions() and its callees. */ +struct xlate_ctx { + struct xlate_in *xin; + struct xlate_out *xout; - struct ofpbuf *odp_actions; /* Datapath actions. */ - tag_type tags; /* Tags associated with actions. */ - enum slow_path_reason slow; /* 0 if fast path may be used. */ - bool has_learn; /* Actions include NXAST_LEARN? */ - bool has_normal; /* Actions output to OFPP_NORMAL? */ - bool has_fin_timeout; /* Actions include NXAST_FIN_TIMEOUT? */ - uint16_t nf_output_iface; /* Output interface index for NetFlow. */ - mirror_mask_t mirrors; /* Bitmap of associated mirrors. */ + struct ofproto_dpif *ofproto; + + /* Flow at the last commit. */ + struct flow base_flow; + + /* Tunnel IP destination address as received. This is stored separately + * as the base_flow.tunnel is cleared on init to reflect the datapath + * behavior. Used to make sure not to send tunneled output to ourselves, + * which might lead to an infinite loop. This could happen easily + * if a tunnel is marked as 'ip_remote=flow', and the flow does not + * actually set the tun_dst field. */ + ovs_be32 orig_tunnel_ip_dst; -/* xlate_actions() initializes and uses these members, but the client has no - * reason to look at them. */ + /* Stack for the push and pop actions. Each stack element is of type + * "union mf_subvalue". */ + union mf_subvalue init_stack[1024 / sizeof(union mf_subvalue)]; + struct ofpbuf stack; + + /* The rule that we are currently translating, or NULL. */ + struct rule_dpif *rule; int recurse; /* Recursion level, via xlate_table_action. */ bool max_resubmit_trigger; /* Recursed too deeply during translation. */ - struct flow base_flow; /* Flow at the last commit. */ uint32_t orig_skb_priority; /* Priority when packet arrived. */ uint8_t table_id; /* OpenFlow table ID where flow was found. */ uint32_t sflow_n_outputs; /* Number of output ports. */ @@ -290,23 +331,25 @@ struct action_xlate_ctx { bool exit; /* No further actions should be processed. */ }; -static void action_xlate_ctx_init(struct action_xlate_ctx *, - struct ofproto_dpif *, const struct flow *, - ovs_be16 initial_tci, struct rule_dpif *, - uint8_t tcp_flags, const struct ofpbuf *); -static void xlate_actions(struct action_xlate_ctx *, - const struct ofpact *ofpacts, size_t ofpacts_len, - struct ofpbuf *odp_actions); -static void xlate_actions_for_side_effects(struct action_xlate_ctx *, - const struct ofpact *ofpacts, - size_t ofpacts_len); -static void xlate_table_action(struct action_xlate_ctx *, uint16_t in_port, +static void xlate_in_init(struct xlate_in *, struct ofproto_dpif *, + const struct flow *, const struct initial_vals *, + struct rule_dpif *, uint8_t tcp_flags, + const struct ofpbuf *); + +static void xlate_out_uninit(struct xlate_out *); + +static void xlate_actions(struct xlate_in *, struct xlate_out *); + +static void xlate_actions_for_side_effects(struct xlate_in *); + +static void xlate_table_action(struct xlate_ctx *, uint16_t in_port, uint8_t table_id, bool may_packet_in); static size_t put_userspace_action(const struct ofproto_dpif *, struct ofpbuf *odp_actions, const struct flow *, - const union user_action_cookie *); + const union user_action_cookie *, + const size_t); static void compose_slow_path(const struct ofproto_dpif *, const struct flow *, enum slow_path_reason, @@ -314,7 +357,7 @@ static void compose_slow_path(const struct ofproto_dpif *, const struct flow *, const struct nlattr **actionsp, size_t *actions_lenp); -static void xlate_report(struct action_xlate_ctx *ctx, const char *s); +static void xlate_report(struct xlate_ctx *ctx, const char *s); /* A subfacet (see "struct subfacet" below) has three possible installation * states: @@ -335,8 +378,6 @@ enum subfacet_path { SF_SLOW_PATH, /* Send-to-userspace action is installed. */ }; -static const char *subfacet_path_to_string(enum subfacet_path); - /* A dpif flow and actions associated with a facet. * * See also the large comment on struct facet. */ @@ -351,31 +392,12 @@ struct subfacet { int key_len; long long int used; /* Time last used; time created if not used. */ + long long int created; /* Time created. */ uint64_t dp_packet_count; /* Last known packet count in the datapath. */ uint64_t dp_byte_count; /* Last known byte count in the datapath. */ - /* Datapath actions. - * - * These should be essentially identical for every subfacet in a facet, but - * may differ in trivial ways due to VLAN splinters. */ - size_t actions_len; /* Number of bytes in actions[]. */ - struct nlattr *actions; /* Datapath actions. */ - - enum slow_path_reason slow; /* 0 if fast path may be used. */ enum subfacet_path path; /* Installed in datapath? */ - - /* This value is normally the same as ->facet->flow.vlan_tci. Only VLAN - * splinters can cause it to differ. This value should be removed when - * the VLAN splinters feature is no longer needed. */ - ovs_be16 initial_tci; /* Initial VLAN TCI value. */ - - /* Datapath port the packet arrived on. This is needed to remove - * flows for ports that are no longer part of the bridge. Since the - * flow definition only has the OpenFlow port number and the port is - * no longer part of the bridge, we can't determine the datapath port - * number needed to delete the flow from the datapath. */ - uint32_t odp_in_port; }; #define SUBFACET_DESTROY_MAX_BATCH 50 @@ -391,19 +413,13 @@ static void subfacet_destroy_batch(struct ofproto_dpif *, struct subfacet **, int n); static void subfacet_reset_dp_stats(struct subfacet *, struct dpif_flow_stats *); -static void subfacet_update_time(struct subfacet *, long long int used); static void subfacet_update_stats(struct subfacet *, const struct dpif_flow_stats *); -static void subfacet_make_actions(struct subfacet *, - const struct ofpbuf *packet, - struct ofpbuf *odp_actions); static int subfacet_install(struct subfacet *, - const struct nlattr *actions, size_t actions_len, - struct dpif_flow_stats *, enum slow_path_reason); + const struct ofpbuf *odp_actions, + struct dpif_flow_stats *); static void subfacet_uninstall(struct subfacet *); -static enum subfacet_path subfacet_want_path(enum slow_path_reason); - /* An exact-match instantiation of an OpenFlow flow. * * A facet associates a "struct flow", which represents the Open vSwitch @@ -456,26 +472,22 @@ struct facet { struct netflow_flow nf_flow; /* Per-flow NetFlow tracking data. */ uint8_t tcp_flags; /* TCP flags seen for this 'rule'. */ - /* Properties of datapath actions. - * - * Every subfacet has its own actions because actions can differ slightly - * between splintered and non-splintered subfacets due to the VLAN tag - * being initially different (present vs. absent). All of them have these - * properties in common so we just store one copy of them here. */ - bool has_learn; /* Actions include NXAST_LEARN? */ - bool has_normal; /* Actions output to OFPP_NORMAL? */ - bool has_fin_timeout; /* Actions include NXAST_FIN_TIMEOUT? */ - tag_type tags; /* Tags that would require revalidation. */ - mirror_mask_t mirrors; /* Bitmap of dependent mirrors. */ + struct xlate_out xout; + + /* Initial values of the packet that may be needed later. */ + struct initial_vals initial_vals; /* Storage for a single subfacet, to reduce malloc() time and space * overhead. (A facet always has at least one subfacet and in the common - * case has exactly one subfacet.) */ + * case has exactly one subfacet. However, 'one_subfacet' may not + * always be valid, since it could have been removed after newer + * subfacets were pushed onto the 'subfacets' list.) */ struct subfacet one_subfacet; + + long long int learn_rl; /* Rate limiter for facet_learn(). */ }; -static struct facet *facet_create(struct rule_dpif *, - const struct flow *, uint32_t hash); +static struct facet *facet_create(const struct flow_miss *, uint32_t hash); static void facet_remove(struct facet *); static void facet_free(struct facet *); @@ -483,16 +495,16 @@ static struct facet *facet_find(struct ofproto_dpif *, const struct flow *, uint32_t hash); static struct facet *facet_lookup_valid(struct ofproto_dpif *, const struct flow *, uint32_t hash); -static void facet_revalidate(struct facet *); +static bool facet_revalidate(struct facet *); static bool facet_check_consistency(struct facet *); static void facet_flush_stats(struct facet *); -static void facet_update_time(struct facet *, long long int used); static void facet_reset_counters(struct facet *); -static void facet_push_stats(struct facet *); +static void facet_push_stats(struct facet *, bool may_learn); static void facet_learn(struct facet *); static void facet_account(struct facet *); +static void push_all_stats(void); static bool facet_is_controller_flow(struct facet *); @@ -504,6 +516,7 @@ struct ofport_dpif { struct ofbundle *bundle; /* Bundle that contains this port, if any. */ struct list bundle_node; /* In struct ofbundle's "ports" list. */ struct cfm *cfm; /* Connectivity Fault Management, if any. */ + struct bfd *bfd; /* BFD, if any. */ tag_type tag; /* Tag associated with this port. */ bool may_enable; /* May be enabled in bonds. */ long long int carrier_seq; /* Carrier status changes. */ @@ -550,8 +563,9 @@ struct vlan_splinter { int vid; }; -static uint32_t vsp_realdev_to_vlandev(const struct ofproto_dpif *, - uint32_t realdev, ovs_be16 vlan_tci); +static uint16_t vsp_realdev_to_vlandev(const struct ofproto_dpif *, + uint16_t realdev_ofp_port, + ovs_be16 vlan_tci); static bool vsp_adjust_flow(const struct ofproto_dpif *, struct flow *); static void vsp_remove(struct ofport_dpif *); static void vsp_add(struct ofport_dpif *, uint16_t realdev_ofp_port, int vid); @@ -564,15 +578,16 @@ static uint16_t odp_port_to_ofp_port(const struct ofproto_dpif *, static struct ofport_dpif * ofport_dpif_cast(const struct ofport *ofport) { - ovs_assert(ofport->ofproto->ofproto_class == &ofproto_dpif_class); return ofport ? CONTAINER_OF(ofport, struct ofport_dpif, up) : NULL; } static void port_run(struct ofport_dpif *); static void port_run_fast(struct ofport_dpif *); static void port_wait(struct ofport_dpif *); +static int set_bfd(struct ofport *, const struct smap *); static int set_cfm(struct ofport *, const struct cfm_settings *); static void ofport_clear_priorities(struct ofport_dpif *); +static void run_fast_rl(void); struct dpif_completion { struct list list_node; @@ -635,6 +650,7 @@ struct dpif_backer { struct tag_set revalidate_set; /* Revalidate only matching facets. */ struct hmap drop_keys; /* Set of dropped odp keys. */ + bool recv_set_enable; /* Enables or disables receiving packets. */ }; /* All existing ofproto_backer instances, indexed by ofproto->up.type. */ @@ -644,6 +660,14 @@ static void drop_key_clear(struct dpif_backer *); static struct ofport_dpif * odp_port_to_ofport(const struct dpif_backer *, uint32_t odp_port); +struct avg_subfacet_rates { + double add_rate; /* Moving average of new flows created per minute. */ + double del_rate; /* Moving average of flows deleted per minute. */ +}; +static void show_dp_rates(struct ds *ds, const char *heading, + const struct avg_subfacet_rates *rates); +static void exp_mavg(double *avg, int base, double new); + struct ofproto_dpif { struct hmap_node all_ofproto_dpifs_node; /* In 'all_ofproto_dpifs'. */ struct ofproto up; @@ -653,12 +677,10 @@ struct ofproto_dpif { struct rule_dpif *miss_rule; /* Sends flow table misses to controller. */ struct rule_dpif *no_packet_in_rule; /* Drops flow table misses. */ - /* Statistics. */ - uint64_t n_matches; - /* Bridging. */ struct netflow *netflow; struct dpif_sflow *sflow; + struct dpif_ipfix *ipfix; struct hmap bundles; /* Contains "struct ofbundle"s. */ struct mac_learning *ml; struct ofmirror *mirrors[MAX_MIRRORS]; @@ -669,6 +691,7 @@ struct ofproto_dpif { struct hmap facets; struct hmap subfacets; struct governor *governor; + long long int consistency_rl; /* Revalidation. */ struct table_dpif tables[N_TABLES]; @@ -693,7 +716,50 @@ struct ofproto_dpif { struct sset ghost_ports; /* Ports with no datapath port. */ struct sset port_poll_set; /* Queued names for port_poll() reply. */ int port_poll_errno; /* Last errno for port_poll() reply. */ + + /* Per ofproto's dpif stats. */ + uint64_t n_hit; + uint64_t n_missed; + + /* Subfacet statistics. + * + * These keep track of the total number of subfacets added and deleted and + * flow life span. They are useful for computing the flow rates stats + * exposed via "ovs-appctl dpif/show". The goal is to learn about + * traffic patterns in ways that we can use later to improve Open vSwitch + * performance in new situations. */ + long long int created; /* Time when it is created. */ + unsigned int max_n_subfacet; /* Maximum number of flows */ + + /* The average number of subfacets... */ + struct avg_subfacet_rates hourly; /* ...over the last hour. */ + struct avg_subfacet_rates daily; /* ...over the last day. */ + long long int last_minute; /* Last time 'hourly' was updated. */ + + /* Number of subfacets added or deleted since 'last_minute'. */ + unsigned int subfacet_add_count; + unsigned int subfacet_del_count; + + /* Number of subfacets added or deleted from 'created' to 'last_minute.' */ + unsigned long long int total_subfacet_add_count; + unsigned long long int total_subfacet_del_count; + + /* Sum of the number of milliseconds that each subfacet existed, + * over the subfacets that have been added and then later deleted. */ + unsigned long long int total_subfacet_life_span; + + /* Incremented by the number of currently existing subfacets, each + * time we pull statistics from the kernel. */ + unsigned long long int total_subfacet_count; + + /* Number of times we pull statistics from the kernel. */ + unsigned long long int n_update_stats; }; +static unsigned long long int avg_subfacet_life_span( + const struct ofproto_dpif *); +static double avg_subfacet_count(const struct ofproto_dpif *ofproto); +static void update_moving_averages(struct ofproto_dpif *ofproto); +static void update_max_subfacet_count(struct ofproto_dpif *ofproto); /* Defer flow mod completion until "ovs-appctl ofproto/unclog"? (Useful only * for debugging the asynchronous flow_mod implementation.) */ @@ -716,8 +782,8 @@ static struct ofport_dpif *get_ofp_port(const struct ofproto_dpif *, static struct ofport_dpif *get_odp_port(const struct ofproto_dpif *, uint32_t odp_port); static void ofproto_trace(struct ofproto_dpif *, const struct flow *, - const struct ofpbuf *, ovs_be16 initial_tci, - struct ds *); + const struct ofpbuf *, + const struct initial_vals *, struct ds *); /* Packet processing. */ static void update_learning_table(struct ofproto_dpif *, @@ -738,7 +804,10 @@ static int send_packet(const struct ofport_dpif *, struct ofpbuf *packet); static size_t compose_sflow_action(const struct ofproto_dpif *, struct ofpbuf *odp_actions, const struct flow *, uint32_t odp_port); -static void add_mirror_actions(struct action_xlate_ctx *ctx, +static void compose_ipfix_action(const struct ofproto_dpif *, + struct ofpbuf *odp_actions, + const struct flow *); +static void add_mirror_actions(struct xlate_ctx *ctx, const struct flow *flow); /* Global variables. */ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); @@ -827,6 +896,7 @@ lookup_ofproto_dpif_by_port_name(const char *name) static int type_run(const char *type) { + static long long int push_timer = LLONG_MIN; struct dpif_backer *backer; char *devname; int error; @@ -840,6 +910,31 @@ type_run(const char *type) dpif_run(backer->dpif); + /* The most natural place to push facet statistics is when they're pulled + * from the datapath. However, when there are many flows in the datapath, + * this expensive operation can occur so frequently, that it reduces our + * ability to quickly set up flows. To reduce the cost, we push statistics + * here instead. */ + if (time_msec() > push_timer) { + push_timer = time_msec() + 2000; + push_all_stats(); + } + + /* If vswitchd started with other_config:flow_restore_wait set as "true", + * and the configuration has now changed to "false", enable receiving + * packets from the datapath. */ + if (!backer->recv_set_enable && !ofproto_get_flow_restore_wait()) { + backer->recv_set_enable = true; + + error = dpif_recv_set(backer->dpif, backer->recv_set_enable); + if (error) { + VLOG_ERR("Failed to enable receiving packets in dpif."); + return error; + } + dpif_flow_flush(backer->dpif); + backer->need_revalidate = REV_RECONFIGURE; + } + if (backer->need_revalidate || !tag_set_is_empty(&backer->revalidate_set)) { struct tag_set revalidate_set = backer->revalidate_set; @@ -925,14 +1020,18 @@ type_run(const char *type) HMAP_FOR_EACH_SAFE (facet, next, hmap_node, &ofproto->facets) { if (need_revalidate - || tag_set_intersects(&revalidate_set, facet->tags)) { + || tag_set_intersects(&revalidate_set, facet->xout.tags)) { facet_revalidate(facet); + run_fast_rl(); } } } } - if (timer_expired(&backer->next_expiration)) { + if (!backer->recv_set_enable) { + /* Wake up before a max of 1000ms. */ + timer_set_duration(&backer->next_expiration, 1000); + } else if (timer_expired(&backer->next_expiration)) { int delay = expire(backer); timer_set_duration(&backer->next_expiration, delay); } @@ -994,15 +1093,12 @@ type_run(const char *type) } static int -type_run_fast(const char *type) +dpif_backer_run_fast(struct dpif_backer *backer, int max_batch) { - struct dpif_backer *backer; unsigned int work; - backer = shash_find_data(&all_dpif_backers, type); - if (!backer) { - /* This is not necessarily a problem, since backers are only - * created on demand. */ + /* If recv_set_enable is false, we should not handle upcalls. */ + if (!backer->recv_set_enable) { return 0; } @@ -1016,8 +1112,8 @@ type_run_fast(const char *type) * optimizations can make major improvements on some benchmarks and * presumably for real traffic as well. */ work = 0; - while (work < FLOW_MISS_MAX_BATCH) { - int retval = handle_upcalls(backer, FLOW_MISS_MAX_BATCH - work); + while (work < max_batch) { + int retval = handle_upcalls(backer, max_batch - work); if (retval <= 0) { return -retval; } @@ -1027,6 +1123,58 @@ type_run_fast(const char *type) return 0; } +static int +type_run_fast(const char *type) +{ + struct dpif_backer *backer; + + backer = shash_find_data(&all_dpif_backers, type); + if (!backer) { + /* This is not necessarily a problem, since backers are only + * created on demand. */ + return 0; + } + + return dpif_backer_run_fast(backer, FLOW_MISS_MAX_BATCH); +} + +static void +run_fast_rl(void) +{ + static long long int port_rl = LLONG_MIN; + static unsigned int backer_rl = 0; + + if (time_msec() >= port_rl) { + struct ofproto_dpif *ofproto; + struct ofport_dpif *ofport; + + HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { + + HMAP_FOR_EACH (ofport, up.hmap_node, &ofproto->up.ports) { + port_run_fast(ofport); + } + } + port_rl = time_msec() + 200; + } + + /* XXX: We have to be careful not to do too much work in this function. If + * we call dpif_backer_run_fast() too often, or with too large a batch, + * performance improves signifcantly, but at a cost. It's possible for the + * number of flows in the datapath to increase without bound, and for poll + * loops to take 10s of seconds. The correct solution to this problem, + * long term, is to separate flow miss handling into it's own thread so it + * isn't affected by revalidations, and expirations. Until then, this is + * the best we can do. */ + if (++backer_rl >= 10) { + struct shash_node *node; + + backer_rl = 0; + SHASH_FOR_EACH (node, &all_dpif_backers) { + dpif_backer_run_fast(node->data, 1); + } + } +} + static void type_wait(const char *type) { @@ -1153,9 +1301,12 @@ open_dpif_backer(const char *type, struct dpif_backer **backerp) backer->need_revalidate = 0; simap_init(&backer->tnl_backers); tag_set_init(&backer->revalidate_set); + backer->recv_set_enable = !ofproto_get_flow_restore_wait(); *backerp = backer; - dpif_flow_flush(backer->dpif); + if (backer->recv_set_enable) { + dpif_flow_flush(backer->dpif); + } /* Loop through the ports already on the datapath and remove any * that we don't need anymore. */ @@ -1179,7 +1330,7 @@ open_dpif_backer(const char *type, struct dpif_backer **backerp) shash_add(&all_dpif_backers, type, backer); - error = dpif_recv_set(backer->dpif, true); + error = dpif_recv_set(backer->dpif, backer->recv_set_enable); if (error) { VLOG_ERR("failed to listen on datapath of type %s: %s", type, strerror(error)); @@ -1207,10 +1358,9 @@ construct(struct ofproto *ofproto_) max_ports = dpif_get_max_ports(ofproto->backer->dpif); ofproto_init_max_ports(ofproto_, MIN(max_ports, OFPP_MAX)); - ofproto->n_matches = 0; - ofproto->netflow = NULL; ofproto->sflow = NULL; + ofproto->ipfix = NULL; ofproto->stp = NULL; hmap_init(&ofproto->bundles); ofproto->ml = mac_learning_create(MAC_ENTRY_DEFAULT_IDLE_TIME); @@ -1222,6 +1372,7 @@ construct(struct ofproto *ofproto_) hmap_init(&ofproto->facets); hmap_init(&ofproto->subfacets); ofproto->governor = NULL; + ofproto->consistency_rl = LLONG_MIN; for (i = 0; i < N_TABLES; i++) { struct table_dpif *table = &ofproto->tables[i]; @@ -1270,6 +1421,22 @@ construct(struct ofproto *ofproto_) error = add_internal_flows(ofproto); ofproto->up.tables[TBL_INTERNAL].flags = OFTABLE_HIDDEN | OFTABLE_READONLY; + ofproto->n_hit = 0; + ofproto->n_missed = 0; + + ofproto->max_n_subfacet = 0; + ofproto->created = time_msec(); + ofproto->last_minute = ofproto->created; + memset(&ofproto->hourly, 0, sizeof ofproto->hourly); + memset(&ofproto->daily, 0, sizeof ofproto->daily); + ofproto->subfacet_add_count = 0; + ofproto->subfacet_del_count = 0; + ofproto->total_subfacet_add_count = 0; + ofproto->total_subfacet_del_count = 0; + ofproto->total_subfacet_life_span = 0; + ofproto->total_subfacet_count = 0; + ofproto->n_update_stats = 0; + return error; } @@ -1399,6 +1566,12 @@ run_fast(struct ofproto *ofproto_) struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); struct ofport_dpif *ofport; + /* Do not perform any periodic activity required by 'ofproto' while + * waiting for flow restore to complete. */ + if (ofproto_get_flow_restore_wait()) { + return 0; + } + HMAP_FOR_EACH (ofport, up.hmap_node, &ofproto->up.ports) { port_run_fast(ofport); } @@ -1418,6 +1591,12 @@ run(struct ofproto *ofproto_) complete_operations(ofproto); } + /* Do not perform any periodic activity below required by 'ofproto' while + * waiting for flow restore to complete. */ + if (ofproto_get_flow_restore_wait()) { + return 0; + } + error = run_fast(ofproto_); if (error) { return error; @@ -1443,14 +1622,17 @@ run(struct ofproto *ofproto_) mac_learning_run(ofproto->ml, &ofproto->backer->revalidate_set); /* Check the consistency of a random facet, to aid debugging. */ - if (!hmap_is_empty(&ofproto->facets) + if (time_msec() >= ofproto->consistency_rl + && !hmap_is_empty(&ofproto->facets) && !ofproto->backer->need_revalidate) { struct facet *facet; + ofproto->consistency_rl = time_msec() + 250; + facet = CONTAINER_OF(hmap_random_node(&ofproto->facets), struct facet, hmap_node); if (!tag_set_intersects(&ofproto->backer->revalidate_set, - facet->tags)) { + facet->xout.tags)) { if (!facet_check_consistency(facet)) { ofproto->backer->need_revalidate = REV_INCONSISTENCY; } @@ -1489,6 +1671,10 @@ wait(struct ofproto *ofproto_) poll_immediate_wake(); } + if (ofproto_get_flow_restore_wait()) { + return; + } + dpif_wait(ofproto->backer->dpif); dpif_recv_wait(ofproto->backer->dpif); if (ofproto->sflow) { @@ -1578,13 +1764,18 @@ get_tables(struct ofproto *ofproto_, struct ofp12_table_stats *ots) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); struct dpif_dp_stats s; + uint64_t n_miss, n_no_pkt_in, n_bytes; + uint64_t n_lookup; strcpy(ots->name, "classifier"); dpif_get_dp_stats(ofproto->backer->dpif, &s); + rule_get_stats(&ofproto->miss_rule->up, &n_miss, &n_bytes); + rule_get_stats(&ofproto->no_packet_in_rule->up, &n_no_pkt_in, &n_bytes); - ots->lookup_count = htonll(s.n_hit + s.n_missed); - ots->matched_count = htonll(s.n_hit + ofproto->n_matches); + n_lookup = s.n_hit + s.n_missed; + ots->lookup_count = htonll(n_lookup); + ots->matched_count = htonll(n_lookup - n_miss - n_no_pkt_in); } static struct ofport * @@ -1613,6 +1804,7 @@ port_construct(struct ofport *port_) ofproto->backer->need_revalidate = REV_RECONFIGURE; port->bundle = NULL; port->cfm = NULL; + port->bfd = NULL; port->tag = tag_create_random(); port->may_enable = true; port->stp_port = NULL; @@ -1624,7 +1816,11 @@ port_construct(struct ofport *port_) port->carrier_seq = netdev_get_carrier_resets(netdev); if (netdev_vport_is_patch(netdev)) { - /* XXX By bailing out here, we don't do required sFlow work. */ + /* By bailing out here, we don't submit the port to the sFlow module + * to be considered for counter polling export. This is correct + * because the patch port represents an interface that sFlow considers + * to be "internal" to the switch as a whole, and therefore not an + * candidate for counter polling. */ port->odp_port = OVSP_NONE; return 0; } @@ -1691,6 +1887,7 @@ port_destruct(struct ofport *port_) ofproto->backer->need_revalidate = REV_RECONFIGURE; bundle_remove(port_); set_cfm(port_, NULL); + set_bfd(port_, NULL); if (ofproto->sflow) { dpif_sflow_del_port(ofproto->sflow, port->odp_port); } @@ -1707,6 +1904,10 @@ port_modified(struct ofport *port_) if (port->bundle && port->bundle->bond) { bond_slave_set_netdev(port->bundle->bond, port, port->up.netdev); } + + if (port->cfm) { + cfm_set_netdev(port->cfm, port->up.netdev); + } } static void @@ -1755,6 +1956,32 @@ set_sflow(struct ofproto *ofproto_, return 0; } +static int +set_ipfix( + struct ofproto *ofproto_, + const struct ofproto_ipfix_bridge_exporter_options *bridge_exporter_options, + const struct ofproto_ipfix_flow_exporter_options *flow_exporters_options, + size_t n_flow_exporters_options) +{ + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); + struct dpif_ipfix *di = ofproto->ipfix; + + if (bridge_exporter_options || flow_exporters_options) { + if (!di) { + di = ofproto->ipfix = dpif_ipfix_create(); + } + dpif_ipfix_set_options( + di, bridge_exporter_options, flow_exporters_options, + n_flow_exporters_options); + } else { + if (di) { + dpif_ipfix_destroy(di); + ofproto->ipfix = NULL; + } + } + return 0; +} + static int set_cfm(struct ofport *ofport_, const struct cfm_settings *s) { @@ -1769,7 +1996,7 @@ set_cfm(struct ofport *ofport_, const struct cfm_settings *s) ofproto = ofproto_dpif_cast(ofport->up.ofproto); ofproto->backer->need_revalidate = REV_RECONFIGURE; - ofport->cfm = cfm_create(netdev_get_name(ofport->up.netdev)); + ofport->cfm = cfm_create(ofport->up.netdev); } if (cfm_configure(ofport->cfm, s)) { @@ -1799,6 +2026,35 @@ get_cfm_status(const struct ofport *ofport_, return false; } } + +static int +set_bfd(struct ofport *ofport_, const struct smap *cfg) +{ + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport_->ofproto); + struct ofport_dpif *ofport = ofport_dpif_cast(ofport_); + struct bfd *old; + + old = ofport->bfd; + ofport->bfd = bfd_configure(old, netdev_get_name(ofport->up.netdev), cfg); + if (ofport->bfd != old) { + ofproto->backer->need_revalidate = REV_RECONFIGURE; + } + + return 0; +} + +static int +get_bfd_status(struct ofport *ofport_, struct smap *smap) +{ + struct ofport_dpif *ofport = ofport_dpif_cast(ofport_); + + if (ofport->bfd) { + bfd_get_status(ofport->bfd, smap); + return 0; + } else { + return ENOENT; + } +} /* Spanning Tree. */ @@ -2239,7 +2495,7 @@ bundle_del_port(struct ofport_dpif *port) } static bool -bundle_add_port(struct ofbundle *bundle, uint32_t ofp_port, +bundle_add_port(struct ofbundle *bundle, uint16_t ofp_port, struct lacp_slave_settings *lacp) { struct ofport_dpif *port; @@ -2837,6 +3093,8 @@ mirror_get_stats(struct ofproto *ofproto_, void *aux, return 0; } + push_all_stats(); + *packets = mirror->packet_count; *bytes = mirror->byte_count; @@ -2936,6 +3194,15 @@ port_run_fast(struct ofport_dpif *ofport) send_packet(ofport, &packet); ofpbuf_uninit(&packet); } + + if (ofport->bfd && bfd_should_send_packet(ofport->bfd)) { + struct ofpbuf packet; + + ofpbuf_init(&packet, 0); + bfd_put_packet(ofport->bfd, &packet, ofport->up.pp.hw_addr); + send_packet(ofport, &packet); + ofpbuf_uninit(&packet); + } } static void @@ -2966,6 +3233,11 @@ port_run(struct ofport_dpif *ofport) } } + if (ofport->bfd) { + bfd_run(ofport->bfd); + enable = enable && bfd_forwarding(ofport->bfd); + } + if (ofport->bundle) { enable = enable && lacp_slave_may_enable(ofport->bundle->lacp, ofport); if (carrier_changed) { @@ -2990,6 +3262,10 @@ port_wait(struct ofport_dpif *ofport) if (ofport->cfm) { cfm_wait(ofport->cfm); } + + if (ofport->bfd) { + bfd_wait(ofport->bfd); + } } static int @@ -3095,6 +3371,8 @@ port_get_stats(const struct ofport *ofport_, struct netdev_stats *stats) struct ofport_dpif *ofport = ofport_dpif_cast(ofport_); int error; + push_all_stats(); + error = netdev_get_stats(ofport->up.netdev, stats); if (!error && ofport_->ofp_port == OFPP_LOCAL) { @@ -3129,23 +3407,6 @@ port_get_stats(const struct ofport *ofport_, struct netdev_stats *stats) return error; } -/* Account packets for LOCAL port. */ -static void -ofproto_update_local_port_stats(const struct ofproto *ofproto_, - size_t tx_size, size_t rx_size) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - - if (rx_size) { - ofproto->stats.rx_packets++; - ofproto->stats.rx_bytes += rx_size; - } - if (tx_size) { - ofproto->stats.tx_packets++; - ofproto->stats.tx_bytes += tx_size; - } -} - struct port_dump_state { uint32_t bucket; uint32_t offset; @@ -3264,16 +3525,17 @@ struct flow_miss { enum odp_key_fitness key_fitness; const struct nlattr *key; size_t key_len; - ovs_be16 initial_tci; + struct initial_vals initial_vals; struct list packets; enum dpif_upcall_type upcall_type; - uint32_t odp_in_port; }; struct flow_miss_op { struct dpif_op dpif_op; - void *garbage; /* Pointer to pass to free(), NULL if none. */ - uint64_t stub[1024 / 8]; /* Temporary buffer. */ + + uint64_t slow_stub[128 / 8]; /* Buffer for compose_slow_path() */ + struct xlate_out xout; + bool xout_garbage; /* 'xout' needs to be uninitialized? */ }; /* Sends an OFPT_PACKET_IN message for 'packet' of type OFPR_NO_MATCH to each @@ -3311,6 +3573,11 @@ process_special(struct ofproto_dpif *ofproto, const struct flow *flow, cfm_process_heartbeat(ofport->cfm, packet); } return SLOW_CFM; + } else if (ofport->bfd && bfd_should_process_flow(flow)) { + if (packet) { + bfd_process_packet(ofport->bfd, flow, packet); + } + return SLOW_BFD; } else if (ofport->bundle && ofport->bundle->lacp && flow->dl_type == htons(ETH_TYPE_LACP)) { if (packet) { @@ -3351,7 +3618,7 @@ static void init_flow_miss_execute_op(struct flow_miss *miss, struct ofpbuf *packet, struct flow_miss_op *op) { - if (miss->flow.vlan_tci != miss->initial_tci) { + if (miss->flow.vlan_tci != miss->initial_vals.vlan_tci) { /* This packet was received on a VLAN splinter port. We * added a VLAN to the packet to make the packet resemble * the flow, but the actions were composed assuming that @@ -3361,7 +3628,7 @@ init_flow_miss_execute_op(struct flow_miss *miss, struct ofpbuf *packet, eth_pop_vlan(packet); } - op->garbage = NULL; + op->xout_garbage = false; op->dpif_op.type = DPIF_OP_EXECUTE; op->dpif_op.u.execute.key = miss->key; op->dpif_op.u.execute.key_len = miss->key_len; @@ -3376,8 +3643,6 @@ handle_flow_miss_common(struct rule_dpif *rule, { struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - ofproto->n_matches++; - if (rule->up.cr.priority == FAIL_OPEN_PRIORITY) { /* * Extra-special case for fail-open mode. @@ -3423,43 +3688,40 @@ flow_miss_should_make_facet(struct ofproto_dpif *ofproto, * increment '*n_ops'. */ static void handle_flow_miss_without_facet(struct flow_miss *miss, - struct rule_dpif *rule, struct flow_miss_op *ops, size_t *n_ops) { - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); + struct rule_dpif *rule = rule_dpif_lookup(miss->ofproto, &miss->flow); long long int now = time_msec(); - struct action_xlate_ctx ctx; struct ofpbuf *packet; + struct xlate_in xin; LIST_FOR_EACH (packet, list_node, &miss->packets) { struct flow_miss_op *op = &ops[*n_ops]; struct dpif_flow_stats stats; - struct ofpbuf odp_actions; COVERAGE_INC(facet_suppress); - ofpbuf_use_stub(&odp_actions, op->stub, sizeof op->stub); + handle_flow_miss_common(rule, packet, &miss->flow); dpif_flow_stats_extract(&miss->flow, packet, now, &stats); rule_credit_stats(rule, &stats); - action_xlate_ctx_init(&ctx, ofproto, &miss->flow, miss->initial_tci, - rule, 0, packet); - ctx.resubmit_stats = &stats; - xlate_actions(&ctx, rule->up.ofpacts, rule->up.ofpacts_len, - &odp_actions); + xlate_in_init(&xin, miss->ofproto, &miss->flow, &miss->initial_vals, + rule, stats.tcp_flags, packet); + xin.resubmit_stats = &stats; + xlate_actions(&xin, &op->xout); - if (odp_actions.size) { + if (op->xout.odp_actions.size) { struct dpif_execute *execute = &op->dpif_op.u.execute; init_flow_miss_execute_op(miss, packet, op); - execute->actions = odp_actions.data; - execute->actions_len = odp_actions.size; - op->garbage = ofpbuf_get_uninit_pointer(&odp_actions); + execute->actions = op->xout.odp_actions.data; + execute->actions_len = op->xout.odp_actions.size; + op->xout_garbage = true; (*n_ops)++; } else { - ofpbuf_uninit(&odp_actions); + xlate_out_uninit(&op->xout); } } } @@ -3484,60 +3746,52 @@ handle_flow_miss_with_facet(struct flow_miss *miss, struct facet *facet, struct ofpbuf *packet; subfacet = subfacet_create(facet, miss, now); + want_path = subfacet->facet->xout.slow ? SF_SLOW_PATH : SF_FAST_PATH; LIST_FOR_EACH (packet, list_node, &miss->packets) { struct flow_miss_op *op = &ops[*n_ops]; struct dpif_flow_stats stats; - struct ofpbuf odp_actions; handle_flow_miss_common(facet->rule, packet, &miss->flow); - ofpbuf_use_stub(&odp_actions, op->stub, sizeof op->stub); - if (!subfacet->actions || subfacet->slow) { - subfacet_make_actions(subfacet, packet, &odp_actions); + if (want_path != SF_FAST_PATH) { + struct xlate_in xin; + + xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, + facet->rule, 0, packet); + xlate_actions_for_side_effects(&xin); } dpif_flow_stats_extract(&facet->flow, packet, now, &stats); subfacet_update_stats(subfacet, &stats); - if (subfacet->actions_len) { + if (facet->xout.odp_actions.size) { struct dpif_execute *execute = &op->dpif_op.u.execute; init_flow_miss_execute_op(miss, packet, op); - if (!subfacet->slow) { - execute->actions = subfacet->actions; - execute->actions_len = subfacet->actions_len; - ofpbuf_uninit(&odp_actions); - } else { - execute->actions = odp_actions.data; - execute->actions_len = odp_actions.size; - op->garbage = ofpbuf_get_uninit_pointer(&odp_actions); - } - + execute->actions = facet->xout.odp_actions.data, + execute->actions_len = facet->xout.odp_actions.size; (*n_ops)++; - } else { - ofpbuf_uninit(&odp_actions); } } - want_path = subfacet_want_path(subfacet->slow); if (miss->upcall_type == DPIF_UC_MISS || subfacet->path != want_path) { struct flow_miss_op *op = &ops[(*n_ops)++]; struct dpif_flow_put *put = &op->dpif_op.u.flow_put; subfacet->path = want_path; - op->garbage = NULL; + op->xout_garbage = false; op->dpif_op.type = DPIF_OP_FLOW_PUT; put->flags = DPIF_FP_CREATE | DPIF_FP_MODIFY; put->key = miss->key; put->key_len = miss->key_len; if (want_path == SF_FAST_PATH) { - put->actions = subfacet->actions; - put->actions_len = subfacet->actions_len; + put->actions = facet->xout.odp_actions.data; + put->actions_len = facet->xout.odp_actions.size; } else { - compose_slow_path(ofproto, &facet->flow, subfacet->slow, - op->stub, sizeof op->stub, + compose_slow_path(ofproto, &facet->flow, facet->xout.slow, + op->slow_stub, sizeof op->slow_stub, &put->actions, &put->actions_len); } put->stats = NULL; @@ -3561,14 +3815,18 @@ handle_flow_miss(struct flow_miss *miss, struct flow_miss_op *ops, facet = facet_lookup_valid(ofproto, &miss->flow, hash); if (!facet) { - struct rule_dpif *rule = rule_dpif_lookup(ofproto, &miss->flow); - - if (!flow_miss_should_make_facet(ofproto, miss, hash)) { - handle_flow_miss_without_facet(miss, rule, ops, n_ops); + /* There does not exist a bijection between 'struct flow' and datapath + * flow keys with fitness ODP_FIT_TO_LITTLE. This breaks a fundamental + * assumption used throughout the facet and subfacet handling code. + * Since we have to handle these misses in userspace anyway, we simply + * skip facet creation, avoiding the problem altogether. */ + if (miss->key_fitness == ODP_FIT_TOO_LITTLE + || !flow_miss_should_make_facet(ofproto, miss, hash)) { + handle_flow_miss_without_facet(miss, ops, n_ops); return; } - facet = facet_create(rule, &miss->flow, hash); + facet = facet_create(miss, hash); now = facet->used; } else { now = time_msec(); @@ -3634,10 +3892,11 @@ drop_key_clear(struct dpif_backer *backer) * flow->vlan_tci correctly for the VLAN of the VLAN splinter port, and pushes * a VLAN header onto 'packet' (if it is nonnull). * - * Optionally, if nonnull, sets '*initial_tci' to the VLAN TCI with which the - * packet was really received, that is, the actual VLAN TCI extracted by - * odp_flow_key_to_flow(). (This differs from the value returned in - * flow->vlan_tci only for packets received on VLAN splinters.) + * Optionally, if 'initial_vals' is nonnull, sets 'initial_vals->vlan_tci' + * to the VLAN TCI with which the packet was really received, that is, the + * actual VLAN TCI extracted by odp_flow_key_to_flow(). (This differs from + * the value returned in flow->vlan_tci only for packets received on + * VLAN splinters.) * * Similarly, this function also includes some logic to help with tunnels. It * may modify 'flow' as necessary to make the tunneling implementation @@ -3650,7 +3909,7 @@ ofproto_receive(const struct dpif_backer *backer, struct ofpbuf *packet, const struct nlattr *key, size_t key_len, struct flow *flow, enum odp_key_fitness *fitnessp, struct ofproto_dpif **ofproto, uint32_t *odp_in_port, - ovs_be16 *initial_tci) + struct initial_vals *initial_vals) { const struct ofport_dpif *port; enum odp_key_fitness fitness; @@ -3662,61 +3921,49 @@ ofproto_receive(const struct dpif_backer *backer, struct ofpbuf *packet, goto exit; } - if (initial_tci) { - *initial_tci = flow->vlan_tci; + if (initial_vals) { + initial_vals->vlan_tci = flow->vlan_tci; } if (odp_in_port) { *odp_in_port = flow->in_port; } - if (tnl_port_should_receive(flow)) { - const struct ofport *ofport = tnl_port_receive(flow); - if (!ofport) { - flow->in_port = OFPP_NONE; - goto exit; - } - port = ofport_dpif_cast(ofport); - - /* We can't reproduce 'key' from 'flow'. */ - fitness = fitness == ODP_FIT_PERFECT ? ODP_FIT_TOO_MUCH : fitness; + port = (tnl_port_should_receive(flow) + ? ofport_dpif_cast(tnl_port_receive(flow)) + : odp_port_to_ofport(backer, flow->in_port)); + flow->in_port = port ? port->up.ofp_port : OFPP_NONE; + if (!port) { + goto exit; + } - /* XXX: Since the tunnel module is not scoped per backer, it's - * theoretically possible that we'll receive an ofport belonging to an - * entirely different datapath. In practice, this can't happen because - * no platforms has two separate datapaths which each support - * tunneling. */ - ovs_assert(ofproto_dpif_cast(port->up.ofproto)->backer == backer); - } else { - port = odp_port_to_ofport(backer, flow->in_port); - if (!port) { - flow->in_port = OFPP_NONE; - goto exit; - } + /* XXX: Since the tunnel module is not scoped per backer, for a tunnel port + * it's theoretically possible that we'll receive an ofport belonging to an + * entirely different datapath. In practice, this can't happen because no + * platforms has two separate datapaths which each support tunneling. */ + ovs_assert(ofproto_dpif_cast(port->up.ofproto)->backer == backer); - flow->in_port = port->up.ofp_port; - if (vsp_adjust_flow(ofproto_dpif_cast(port->up.ofproto), flow)) { - if (packet) { - /* Make the packet resemble the flow, so that it gets sent to - * an OpenFlow controller properly, so that it looks correct - * for sFlow, and so that flow_extract() will get the correct - * vlan_tci if it is called on 'packet'. - * - * The allocated space inside 'packet' probably also contains - * 'key', that is, both 'packet' and 'key' are probably part of - * a struct dpif_upcall (see the large comment on that - * structure definition), so pushing data on 'packet' is in - * general not a good idea since it could overwrite 'key' or - * free it as a side effect. However, it's OK in this special - * case because we know that 'packet' is inside a Netlink - * attribute: pushing 4 bytes will just overwrite the 4-byte - * "struct nlattr", which is fine since we don't need that - * header anymore. */ - eth_push_vlan(packet, flow->vlan_tci); - } - /* We can't reproduce 'key' from 'flow'. */ - fitness = fitness == ODP_FIT_PERFECT ? ODP_FIT_TOO_MUCH : fitness; + if (vsp_adjust_flow(ofproto_dpif_cast(port->up.ofproto), flow)) { + if (packet) { + /* Make the packet resemble the flow, so that it gets sent to + * an OpenFlow controller properly, so that it looks correct + * for sFlow, and so that flow_extract() will get the correct + * vlan_tci if it is called on 'packet'. + * + * The allocated space inside 'packet' probably also contains + * 'key', that is, both 'packet' and 'key' are probably part of + * a struct dpif_upcall (see the large comment on that + * structure definition), so pushing data on 'packet' is in + * general not a good idea since it could overwrite 'key' or + * free it as a side effect. However, it's OK in this special + * case because we know that 'packet' is inside a Netlink + * attribute: pushing 4 bytes will just overwrite the 4-byte + * "struct nlattr", which is fine since we don't need that + * header anymore. */ + eth_push_vlan(packet, flow->vlan_tci); } + /* We can't reproduce 'key' from 'flow'. */ + fitness = fitness == ODP_FIT_PERFECT ? ODP_FIT_TOO_MUCH : fitness; } error = 0; @@ -3767,18 +4014,18 @@ handle_miss_upcalls(struct dpif_backer *backer, struct dpif_upcall *upcalls, error = ofproto_receive(backer, upcall->packet, upcall->key, upcall->key_len, &flow, &miss->key_fitness, - &ofproto, &odp_in_port, &miss->initial_tci); + &ofproto, &odp_in_port, &miss->initial_vals); if (error == ENODEV) { struct drop_key *drop_key; - /* Received packet on port for which we couldn't associate - * an ofproto. This can happen if a port is removed while - * traffic is being received. Print a rate-limited message + /* Received packet on datapath port for which we couldn't + * associate an ofproto. This can happen if a port is removed + * while traffic is being received. Print a rate-limited message * in case it happens frequently. Install a drop flow so * that future packets of the flow are inexpensively dropped * in the kernel. */ - VLOG_INFO_RL(&rl, "received packet on unassociated port %"PRIu32, - flow.in_port); + VLOG_INFO_RL(&rl, "received packet on unassociated datapath port " + "%"PRIu32, odp_in_port); drop_key = drop_key_lookup(backer, upcall->key, upcall->key_len); if (!drop_key) { @@ -3796,6 +4043,8 @@ handle_miss_upcalls(struct dpif_backer *backer, struct dpif_upcall *upcalls, if (error) { continue; } + + ofproto->n_missed++; flow_extract(upcall->packet, flow.skb_priority, flow.skb_mark, &flow.tunnel, flow.in_port, &miss->flow); @@ -3808,7 +4057,6 @@ handle_miss_upcalls(struct dpif_backer *backer, struct dpif_upcall *upcalls, miss->key = upcall->key; miss->key_len = upcall->key_len; miss->upcall_type = upcall->type; - miss->odp_in_port = odp_in_port; list_init(&miss->packets); n_misses++; @@ -3834,14 +4082,18 @@ handle_miss_upcalls(struct dpif_backer *backer, struct dpif_upcall *upcalls, /* Free memory. */ for (i = 0; i < n_ops; i++) { - free(flow_miss_ops[i].garbage); + if (flow_miss_ops[i].xout_garbage) { + xlate_out_uninit(&flow_miss_ops[i].xout); + } } hmap_destroy(&todo); } -static enum { SFLOW_UPCALL, MISS_UPCALL, BAD_UPCALL } +static enum { SFLOW_UPCALL, MISS_UPCALL, BAD_UPCALL, FLOW_SAMPLE_UPCALL, + IPFIX_UPCALL } classify_upcall(const struct dpif_upcall *upcall) { + size_t userdata_len; union user_action_cookie cookie; /* First look at the upcall type. */ @@ -3863,23 +4115,30 @@ classify_upcall(const struct dpif_upcall *upcall) VLOG_WARN_RL(&rl, "action upcall missing cookie"); return BAD_UPCALL; } - if (nl_attr_get_size(upcall->userdata) != sizeof(cookie)) { + userdata_len = nl_attr_get_size(upcall->userdata); + if (userdata_len < sizeof cookie.type + || userdata_len > sizeof cookie) { VLOG_WARN_RL(&rl, "action upcall cookie has unexpected size %zu", - nl_attr_get_size(upcall->userdata)); + userdata_len); return BAD_UPCALL; } - memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof(cookie)); - switch (cookie.type) { - case USER_ACTION_COOKIE_SFLOW: + memset(&cookie, 0, sizeof cookie); + memcpy(&cookie, nl_attr_get(upcall->userdata), userdata_len); + if (userdata_len == sizeof cookie.sflow + && cookie.type == USER_ACTION_COOKIE_SFLOW) { return SFLOW_UPCALL; - - case USER_ACTION_COOKIE_SLOW_PATH: + } else if (userdata_len == sizeof cookie.slow_path + && cookie.type == USER_ACTION_COOKIE_SLOW_PATH) { return MISS_UPCALL; - - case USER_ACTION_COOKIE_UNSPEC: - default: - VLOG_WARN_RL(&rl, "invalid user cookie : 0x%"PRIx64, - nl_attr_get_u64(upcall->userdata)); + } else if (userdata_len == sizeof cookie.flow_sample + && cookie.type == USER_ACTION_COOKIE_FLOW_SAMPLE) { + return FLOW_SAMPLE_UPCALL; + } else if (userdata_len == sizeof cookie.ipfix + && cookie.type == USER_ACTION_COOKIE_IPFIX) { + return IPFIX_UPCALL; + } else { + VLOG_WARN_RL(&rl, "invalid user cookie of type %"PRIu16 + " and size %zu", cookie.type, userdata_len); return BAD_UPCALL; } } @@ -3899,11 +4158,56 @@ handle_sflow_upcall(struct dpif_backer *backer, return; } - memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof(cookie)); + memset(&cookie, 0, sizeof cookie); + memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof cookie.sflow); dpif_sflow_received(ofproto->sflow, upcall->packet, &flow, odp_in_port, &cookie); } +static void +handle_flow_sample_upcall(struct dpif_backer *backer, + const struct dpif_upcall *upcall) +{ + struct ofproto_dpif *ofproto; + union user_action_cookie cookie; + struct flow flow; + + if (ofproto_receive(backer, upcall->packet, upcall->key, upcall->key_len, + &flow, NULL, &ofproto, NULL, NULL) + || !ofproto->ipfix) { + return; + } + + memset(&cookie, 0, sizeof cookie); + memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof cookie.flow_sample); + + /* The flow reflects exactly the contents of the packet. Sample + * the packet using it. */ + dpif_ipfix_flow_sample(ofproto->ipfix, upcall->packet, &flow, + cookie.flow_sample.collector_set_id, + cookie.flow_sample.probability, + cookie.flow_sample.obs_domain_id, + cookie.flow_sample.obs_point_id); +} + +static void +handle_ipfix_upcall(struct dpif_backer *backer, + const struct dpif_upcall *upcall) +{ + struct ofproto_dpif *ofproto; + struct flow flow; + + if (ofproto_receive(backer, upcall->packet, upcall->key, upcall->key_len, + &flow, NULL, &ofproto, NULL, NULL) + || !ofproto->ipfix) { + return; + } + + /* The flow reflects exactly the contents of the packet. Sample + * the packet using it. */ + dpif_ipfix_bridge_sample(ofproto->ipfix, upcall->packet, &flow); +} + static int handle_upcalls(struct dpif_backer *backer, unsigned int max_batch) { @@ -3941,6 +4245,16 @@ handle_upcalls(struct dpif_backer *backer, unsigned int max_batch) ofpbuf_uninit(buf); break; + case FLOW_SAMPLE_UPCALL: + handle_flow_sample_upcall(backer, upcall); + ofpbuf_uninit(buf); + break; + + case IPFIX_UPCALL: + handle_ipfix_upcall(backer, upcall); + ofpbuf_uninit(buf); + break; + case BAD_UPCALL: ofpbuf_uninit(buf); break; @@ -3990,6 +4304,9 @@ expire(struct dpif_backer *backer) continue; } + /* Keep track of the max number of flows per ofproto_dpif. */ + update_max_subfacet_count(ofproto); + /* Expire subfacets that have been idle too long. */ dp_max_idle = subfacet_max_idle(ofproto); expire_subfacets(ofproto, dp_max_idle); @@ -4026,32 +4343,36 @@ update_subfacet_stats(struct subfacet *subfacet, const struct dpif_flow_stats *stats) { struct facet *facet = subfacet->facet; + struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); + struct dpif_flow_stats diff; + + diff.tcp_flags = stats->tcp_flags; + diff.used = stats->used; if (stats->n_packets >= subfacet->dp_packet_count) { - uint64_t extra = stats->n_packets - subfacet->dp_packet_count; - facet->packet_count += extra; + diff.n_packets = stats->n_packets - subfacet->dp_packet_count; } else { VLOG_WARN_RL(&rl, "unexpected packet count from the datapath"); + diff.n_packets = 0; } if (stats->n_bytes >= subfacet->dp_byte_count) { - facet->byte_count += stats->n_bytes - subfacet->dp_byte_count; + diff.n_bytes = stats->n_bytes - subfacet->dp_byte_count; } else { VLOG_WARN_RL(&rl, "unexpected byte count from datapath"); + diff.n_bytes = 0; } + ofproto->n_hit += diff.n_packets; subfacet->dp_packet_count = stats->n_packets; subfacet->dp_byte_count = stats->n_bytes; + subfacet_update_stats(subfacet, &diff); - facet->tcp_flags |= stats->tcp_flags; - - subfacet_update_time(subfacet, stats->used); if (facet->accounted_bytes < facet->byte_count) { facet_learn(facet); facet_account(facet); facet->accounted_bytes = facet->byte_count; } - facet_push_stats(facet); } /* 'key' with length 'key_len' bytes is a flow in 'dpif' that we know nothing @@ -4083,6 +4404,11 @@ delete_unexpected_flow(struct ofproto_dpif *ofproto, * avoided by calling update_stats() whenever rules are created or * deleted. However, the performance impact of making so many calls to the * datapath do not justify the benefit of having perfectly accurate statistics. + * + * In addition, this function maintains per ofproto flow hit counts. The patch + * port is not treated specially. e.g. A packet ingress from br0 patched into + * br1 will increase the hit count of br0 by 1, however, does not affect + * the hit or miss counts of br1. */ static void update_stats(struct dpif_backer *backer) @@ -4090,14 +4416,13 @@ update_stats(struct dpif_backer *backer) const struct dpif_flow_stats *stats; struct dpif_flow_dump dump; const struct nlattr *key; + struct ofproto_dpif *ofproto; size_t key_len; dpif_flow_dump_start(&dump, backer->dpif); while (dpif_flow_dump_next(&dump, &key, &key_len, NULL, NULL, &stats)) { struct flow flow; struct subfacet *subfacet; - struct ofproto_dpif *ofproto; - struct ofport_dpif *ofport; uint32_t key_hash; if (ofproto_receive(backer, NULL, key, key_len, &flow, NULL, &ofproto, @@ -4105,10 +4430,8 @@ update_stats(struct dpif_backer *backer) continue; } - ofport = get_ofp_port(ofproto, flow.in_port); - if (ofport && ofport->tnl_port) { - netdev_vport_inc_rx(ofport->up.netdev, stats); - } + ofproto->total_subfacet_count += hmap_count(&ofproto->subfacets); + ofproto->n_update_stats++; key_hash = odp_flow_key_hash(key, key_len); subfacet = subfacet_find(ofproto, key, key_len, key_hash); @@ -4126,8 +4449,14 @@ update_stats(struct dpif_backer *backer) delete_unexpected_flow(ofproto, key, key_len); break; } + run_fast_rl(); } dpif_flow_dump_done(&dump); + + HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { + update_moving_averages(ofproto); + } + } /* Calculates and returns the number of milliseconds of idle time after which @@ -4237,7 +4566,8 @@ expire_subfacets(struct ofproto_dpif *ofproto, int dp_max_idle) &ofproto->subfacets) { long long int cutoff; - cutoff = (subfacet->slow & (SLOW_CFM | SLOW_LACP | SLOW_STP) + cutoff = (subfacet->facet->xout.slow & (SLOW_CFM | SLOW_BFD | SLOW_LACP + | SLOW_STP) ? special_cutoff : normal_cutoff); if (subfacet->used < cutoff) { @@ -4298,39 +4628,51 @@ rule_expire(struct rule_dpif *rule) /* Facets. */ -/* Creates and returns a new facet owned by 'rule', given a 'flow'. +/* Creates and returns a new facet based on 'miss'. * * The caller must already have determined that no facet with an identical - * 'flow' exists in 'ofproto' and that 'flow' is the best match for 'rule' in - * the ofproto's classifier table. + * 'miss->flow' exists in 'miss->ofproto'. * - * 'hash' must be the return value of flow_hash(flow, 0). + * 'hash' must be the return value of flow_hash(miss->flow, 0). * * The facet will initially have no subfacets. The caller should create (at * least) one subfacet with subfacet_create(). */ static struct facet * -facet_create(struct rule_dpif *rule, const struct flow *flow, uint32_t hash) +facet_create(const struct flow_miss *miss, uint32_t hash) { - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); + struct ofproto_dpif *ofproto = miss->ofproto; + struct xlate_in xin; struct facet *facet; facet = xzalloc(sizeof *facet); facet->used = time_msec(); + facet->flow = miss->flow; + facet->initial_vals = miss->initial_vals; + facet->rule = rule_dpif_lookup(ofproto, &facet->flow); + facet->learn_rl = time_msec() + 500; + hmap_insert(&ofproto->facets, &facet->hmap_node, hash); - list_push_back(&rule->facets, &facet->list_node); - facet->rule = rule; - facet->flow = *flow; + list_push_back(&facet->rule->facets, &facet->list_node); list_init(&facet->subfacets); netflow_flow_init(&facet->nf_flow); netflow_flow_update_time(ofproto->netflow, &facet->nf_flow, facet->used); + xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, + facet->rule, 0, NULL); + xin.may_learn = true; + xlate_actions(&xin, &facet->xout); + facet->nf_flow.output_iface = facet->xout.nf_output_iface; + return facet; } static void facet_free(struct facet *facet) { - free(facet); + if (facet) { + xlate_out_uninit(&facet->xout); + free(facet); + } } /* Executes, within 'ofproto', the 'n_actions' actions in 'actions' on @@ -4395,35 +4737,34 @@ facet_remove(struct facet *facet) static void facet_learn(struct facet *facet) { - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - struct action_xlate_ctx ctx; + long long int now = time_msec(); - if (!facet->has_learn - && !facet->has_normal - && (!facet->has_fin_timeout + if (!facet->xout.has_fin_timeout && now < facet->learn_rl) { + return; + } + + facet->learn_rl = now + 500; + + if (!facet->xout.has_learn + && !facet->xout.has_normal + && (!facet->xout.has_fin_timeout || !(facet->tcp_flags & (TCP_FIN | TCP_RST)))) { return; } - action_xlate_ctx_init(&ctx, ofproto, &facet->flow, - facet->flow.vlan_tci, - facet->rule, facet->tcp_flags, NULL); - ctx.may_learn = true; - xlate_actions_for_side_effects(&ctx, facet->rule->up.ofpacts, - facet->rule->up.ofpacts_len); + facet_push_stats(facet, true); } static void facet_account(struct facet *facet) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - struct subfacet *subfacet; const struct nlattr *a; unsigned int left; ovs_be16 vlan_tci; uint64_t n_bytes; - if (!facet->has_normal || !ofproto->has_bonded_bundles) { + if (!facet->xout.has_normal || !ofproto->has_bonded_bundles) { return; } n_bytes = facet->byte_count - facet->accounted_bytes; @@ -4436,11 +4777,9 @@ facet_account(struct facet *facet) * * We use the actions from an arbitrary subfacet because they should all * be equally valid for our purpose. */ - subfacet = CONTAINER_OF(list_front(&facet->subfacets), - struct subfacet, list_node); vlan_tci = facet->flow.vlan_tci; - NL_ATTR_FOR_EACH_UNSAFE (a, left, - subfacet->actions, subfacet->actions_len) { + NL_ATTR_FOR_EACH_UNSAFE (a, left, facet->xout.odp_actions.data, + facet->xout.odp_actions.size) { const struct ovs_action_push_vlan *vlan; struct ofport_dpif *port; @@ -4500,7 +4839,7 @@ facet_flush_stats(struct facet *facet) ovs_assert(!subfacet->dp_packet_count); } - facet_push_stats(facet); + facet_push_stats(facet, false); if (facet->accounted_bytes < facet->byte_count) { facet_account(facet); facet->accounted_bytes = facet->byte_count; @@ -4515,9 +4854,6 @@ facet_flush_stats(struct facet *facet) netflow_expire(ofproto->netflow, &facet->nf_flow, &expired); } - facet->rule->packet_count += facet->packet_count; - facet->rule->byte_count += facet->byte_count; - /* Reset counters to prevent double counting if 'facet' ever gets * reinstalled. */ facet_reset_counters(facet); @@ -4564,54 +4900,14 @@ facet_lookup_valid(struct ofproto_dpif *ofproto, const struct flow *flow, if (facet && (ofproto->backer->need_revalidate || tag_set_intersects(&ofproto->backer->revalidate_set, - facet->tags))) { - facet_revalidate(facet); - - /* facet_revalidate() may have destroyed 'facet'. */ - facet = facet_find(ofproto, flow, hash); + facet->xout.tags)) + && !facet_revalidate(facet)) { + return NULL; } return facet; } -static const char * -subfacet_path_to_string(enum subfacet_path path) -{ - switch (path) { - case SF_NOT_INSTALLED: - return "not installed"; - case SF_FAST_PATH: - return "in fast path"; - case SF_SLOW_PATH: - return "in slow path"; - default: - return ""; - } -} - -/* Returns the path in which a subfacet should be installed if its 'slow' - * member has the specified value. */ -static enum subfacet_path -subfacet_want_path(enum slow_path_reason slow) -{ - return slow ? SF_SLOW_PATH : SF_FAST_PATH; -} - -/* Returns true if 'subfacet' needs to have its datapath flow updated, - * supposing that its actions have been recalculated as 'want_actions' and that - * 'slow' is nonzero iff 'subfacet' should be in the slow path. */ -static bool -subfacet_should_install(struct subfacet *subfacet, enum slow_path_reason slow, - const struct ofpbuf *want_actions) -{ - enum subfacet_path want_path = subfacet_want_path(slow); - return (want_path != subfacet->path - || (want_path == SF_FAST_PATH - && (subfacet->actions_len != want_actions->size - || memcmp(subfacet->actions, want_actions->data, - subfacet->actions_len)))); -} - static bool facet_check_consistency(struct facet *facet) { @@ -4619,23 +4915,18 @@ facet_check_consistency(struct facet *facet) struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - uint64_t odp_actions_stub[1024 / 8]; - struct ofpbuf odp_actions; + struct xlate_out xout; + struct xlate_in xin; struct rule_dpif *rule; - struct subfacet *subfacet; - bool may_log = false; bool ok; /* Check the rule for consistency. */ rule = rule_dpif_lookup(ofproto, &facet->flow); - ok = rule == facet->rule; - if (!ok) { - may_log = !VLOG_DROP_WARN(&rl); - if (may_log) { - struct ds s; + if (rule != facet->rule) { + if (!VLOG_DROP_WARN(&rl)) { + struct ds s = DS_EMPTY_INITIALIZER; - ds_init(&s); flow_format(&s, &facet->flow); ds_put_format(&s, ": facet associated with wrong rule (was " "table=%"PRIu8",", facet->rule->up.table_id); @@ -4643,81 +4934,43 @@ facet_check_consistency(struct facet *facet) ds_put_format(&s, ") (should have been table=%"PRIu8",", rule->up.table_id); cls_rule_format(&rule->up.cr, &s); - ds_put_char(&s, ')'); + ds_put_cstr(&s, ")\n"); - VLOG_WARN("%s", ds_cstr(&s)); ds_destroy(&s); } + return false; } /* Check the datapath actions for consistency. */ - ofpbuf_use_stub(&odp_actions, odp_actions_stub, sizeof odp_actions_stub); - LIST_FOR_EACH (subfacet, list_node, &facet->subfacets) { - enum subfacet_path want_path; - struct action_xlate_ctx ctx; - struct ds s; + xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, rule, + 0, NULL); + xlate_actions(&xin, &xout); - action_xlate_ctx_init(&ctx, ofproto, &facet->flow, - subfacet->initial_tci, rule, 0, NULL); - xlate_actions(&ctx, rule->up.ofpacts, rule->up.ofpacts_len, - &odp_actions); + ok = ofpbuf_equal(&facet->xout.odp_actions, &xout.odp_actions) + && facet->xout.slow == xout.slow; + if (!ok && !VLOG_DROP_WARN(&rl)) { + struct ds s = DS_EMPTY_INITIALIZER; - if (subfacet->path == SF_NOT_INSTALLED) { - /* This only happens if the datapath reported an error when we - * tried to install the flow. Don't flag another error here. */ - continue; - } - - want_path = subfacet_want_path(subfacet->slow); - if (want_path == SF_SLOW_PATH && subfacet->path == SF_SLOW_PATH) { - /* The actions for slow-path flows may legitimately vary from one - * packet to the next. We're done. */ - continue; - } + flow_format(&s, &facet->flow); + ds_put_cstr(&s, ": inconsistency in facet"); - if (!subfacet_should_install(subfacet, subfacet->slow, &odp_actions)) { - continue; + if (!ofpbuf_equal(&facet->xout.odp_actions, &xout.odp_actions)) { + ds_put_cstr(&s, " (actions were: "); + format_odp_actions(&s, facet->xout.odp_actions.data, + facet->xout.odp_actions.size); + ds_put_cstr(&s, ") (correct actions: "); + format_odp_actions(&s, xout.odp_actions.data, + xout.odp_actions.size); + ds_put_cstr(&s, ")"); } - /* Inconsistency! */ - if (ok) { - may_log = !VLOG_DROP_WARN(&rl); - ok = false; - } - if (!may_log) { - /* Rate-limited, skip reporting. */ - continue; + if (facet->xout.slow != xout.slow) { + ds_put_format(&s, " slow path incorrect. should be %d", xout.slow); } - ds_init(&s); - odp_flow_key_format(subfacet->key, subfacet->key_len, &s); - - ds_put_cstr(&s, ": inconsistency in subfacet"); - if (want_path != subfacet->path) { - enum odp_key_fitness fitness = subfacet->key_fitness; - - ds_put_format(&s, " (%s, fitness=%s)", - subfacet_path_to_string(subfacet->path), - odp_key_fitness_to_string(fitness)); - ds_put_format(&s, " (should have been %s)", - subfacet_path_to_string(want_path)); - } else if (want_path == SF_FAST_PATH) { - ds_put_cstr(&s, " (actions were: "); - format_odp_actions(&s, subfacet->actions, - subfacet->actions_len); - ds_put_cstr(&s, ") (correct actions: "); - format_odp_actions(&s, odp_actions.data, odp_actions.size); - ds_put_char(&s, ')'); - } else { - ds_put_cstr(&s, " (actions: "); - format_odp_actions(&s, subfacet->actions, - subfacet->actions_len); - ds_put_char(&s, ')'); - } - VLOG_WARN("%s", ds_cstr(&s)); ds_destroy(&s); } - ofpbuf_uninit(&odp_actions); + xlate_out_uninit(&xout); return ok; } @@ -4731,24 +4984,17 @@ facet_check_consistency(struct facet *facet) * where it is and recompiles its actions anyway. * * - If any of 'facet''s subfacets correspond to a new flow according to - * ofproto_receive(), 'facet' is removed. */ -static void + * ofproto_receive(), 'facet' is removed. + * + * Returns true if 'facet' is still valid. False if 'facet' was removed. */ +static bool facet_revalidate(struct facet *facet) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - struct actions { - struct nlattr *odp_actions; - size_t actions_len; - }; - struct actions *new_actions; - - struct action_xlate_ctx ctx; - uint64_t odp_actions_stub[1024 / 8]; - struct ofpbuf odp_actions; - struct rule_dpif *new_rule; struct subfacet *subfacet; - int i; + struct xlate_out xout; + struct xlate_in xin; COVERAGE_INC(facet_revalidate); @@ -4767,7 +5013,7 @@ facet_revalidate(struct facet *facet) || recv_ofproto != ofproto || memcmp(&recv_flow, &facet->flow, sizeof recv_flow)) { facet_remove(facet); - return; + return false; } } @@ -4778,66 +5024,45 @@ facet_revalidate(struct facet *facet) * We do not modify any 'facet' state yet, because we might need to, e.g., * emit a NetFlow expiration and, if so, we need to have the old state * around to properly compose it. */ + xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, new_rule, + 0, NULL); + xlate_actions(&xin, &xout); + + /* A facet's slow path reason should only change under dramatic + * circumstances. Rather than try to update everything, it's simpler to + * remove the facet and start over. */ + if (facet->xout.slow != xout.slow) { + facet_remove(facet); + xlate_out_uninit(&xout); + return false; + } - /* If the datapath actions changed or the installability changed, - * then we need to talk to the datapath. */ - i = 0; - new_actions = NULL; - memset(&ctx, 0, sizeof ctx); - ofpbuf_use_stub(&odp_actions, odp_actions_stub, sizeof odp_actions_stub); - LIST_FOR_EACH (subfacet, list_node, &facet->subfacets) { - enum slow_path_reason slow; - - action_xlate_ctx_init(&ctx, ofproto, &facet->flow, - subfacet->initial_tci, new_rule, 0, NULL); - xlate_actions(&ctx, new_rule->up.ofpacts, new_rule->up.ofpacts_len, - &odp_actions); - - slow = (subfacet->slow & SLOW_MATCH) | ctx.slow; - if (subfacet_should_install(subfacet, slow, &odp_actions)) { - struct dpif_flow_stats stats; - - subfacet_install(subfacet, - odp_actions.data, odp_actions.size, &stats, slow); - subfacet_update_stats(subfacet, &stats); + if (!ofpbuf_equal(&facet->xout.odp_actions, &xout.odp_actions)) { + LIST_FOR_EACH(subfacet, list_node, &facet->subfacets) { + if (subfacet->path == SF_FAST_PATH) { + struct dpif_flow_stats stats; - if (!new_actions) { - new_actions = xcalloc(list_size(&facet->subfacets), - sizeof *new_actions); + subfacet_install(subfacet, &xout.odp_actions, &stats); + subfacet_update_stats(subfacet, &stats); } - new_actions[i].odp_actions = xmemdup(odp_actions.data, - odp_actions.size); - new_actions[i].actions_len = odp_actions.size; } - i++; - } - ofpbuf_uninit(&odp_actions); - - if (new_actions) { facet_flush_stats(facet); + + ofpbuf_clear(&facet->xout.odp_actions); + ofpbuf_put(&facet->xout.odp_actions, xout.odp_actions.data, + xout.odp_actions.size); } /* Update 'facet' now that we've taken care of all the old state. */ - facet->tags = ctx.tags; - facet->nf_flow.output_iface = ctx.nf_output_iface; - facet->has_learn = ctx.has_learn; - facet->has_normal = ctx.has_normal; - facet->has_fin_timeout = ctx.has_fin_timeout; - facet->mirrors = ctx.mirrors; - - i = 0; - LIST_FOR_EACH (subfacet, list_node, &facet->subfacets) { - subfacet->slow = (subfacet->slow & SLOW_MATCH) | ctx.slow; - - if (new_actions && new_actions[i].odp_actions) { - free(subfacet->actions); - subfacet->actions = new_actions[i].odp_actions; - subfacet->actions_len = new_actions[i].actions_len; - } - i++; - } - free(new_actions); + facet->xout.tags = xout.tags; + facet->xout.slow = xout.slow; + facet->xout.has_learn = xout.has_learn; + facet->xout.has_normal = xout.has_normal; + facet->xout.has_fin_timeout = xout.has_fin_timeout; + facet->xout.nf_output_iface = xout.nf_output_iface; + facet->xout.mirrors = xout.mirrors; + facet->nf_flow.output_iface = facet->xout.nf_output_iface; if (facet->rule != new_rule) { COVERAGE_INC(facet_changed_rule); @@ -4847,19 +5072,9 @@ facet_revalidate(struct facet *facet) facet->used = new_rule->up.created; facet->prev_used = facet->used; } -} -/* Updates 'facet''s used time. Caller is responsible for calling - * facet_push_stats() to update the flows which 'facet' resubmits into. */ -static void -facet_update_time(struct facet *facet, long long int used) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - if (used > facet->used) { - facet->used = used; - ofproto_rule_update_used(&facet->rule->up, used); - netflow_flow_update_time(ofproto->netflow, &facet->nf_flow, used); - } + xlate_out_uninit(&xout); + return true; } static void @@ -4873,7 +5088,7 @@ facet_reset_counters(struct facet *facet) } static void -facet_push_stats(struct facet *facet) +facet_push_stats(struct facet *facet, bool may_learn) { struct dpif_flow_stats stats; @@ -4884,44 +5099,75 @@ facet_push_stats(struct facet *facet) stats.n_packets = facet->packet_count - facet->prev_packet_count; stats.n_bytes = facet->byte_count - facet->prev_byte_count; stats.used = facet->used; - stats.tcp_flags = 0; + stats.tcp_flags = facet->tcp_flags; + + if (may_learn || stats.n_packets || facet->used > facet->prev_used) { + struct ofproto_dpif *ofproto = + ofproto_dpif_cast(facet->rule->up.ofproto); + + struct ofport_dpif *in_port; + struct xlate_in xin; - if (stats.n_packets || stats.n_bytes || facet->used > facet->prev_used) { facet->prev_packet_count = facet->packet_count; facet->prev_byte_count = facet->byte_count; facet->prev_used = facet->used; - flow_push_stats(facet, &stats); + in_port = get_ofp_port(ofproto, facet->flow.in_port); + if (in_port && in_port->tnl_port) { + netdev_vport_inc_rx(in_port->up.netdev, &stats); + } + + rule_credit_stats(facet->rule, &stats); + netflow_flow_update_time(ofproto->netflow, &facet->nf_flow, + facet->used); + netflow_flow_update_flags(&facet->nf_flow, facet->tcp_flags); + update_mirror_stats(ofproto, facet->xout.mirrors, stats.n_packets, + stats.n_bytes); - update_mirror_stats(ofproto_dpif_cast(facet->rule->up.ofproto), - facet->mirrors, stats.n_packets, stats.n_bytes); + xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, + facet->rule, stats.tcp_flags, NULL); + xin.resubmit_stats = &stats; + xin.may_learn = may_learn; + xlate_actions_for_side_effects(&xin); } } static void -rule_credit_stats(struct rule_dpif *rule, const struct dpif_flow_stats *stats) +push_all_stats__(bool run_fast) { - rule->packet_count += stats->n_packets; - rule->byte_count += stats->n_bytes; - ofproto_rule_update_used(&rule->up, stats->used); + static long long int rl = LLONG_MIN; + struct ofproto_dpif *ofproto; + + if (time_msec() < rl) { + return; + } + + HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { + struct facet *facet; + + HMAP_FOR_EACH (facet, hmap_node, &ofproto->facets) { + facet_push_stats(facet, false); + if (run_fast) { + run_fast_rl(); + } + } + } + + rl = time_msec() + 100; } -/* Pushes flow statistics to the rules which 'facet->flow' resubmits - * into given 'facet->rule''s actions and mirrors. */ static void -flow_push_stats(struct facet *facet, const struct dpif_flow_stats *stats) +push_all_stats(void) { - struct rule_dpif *rule = facet->rule; - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - struct action_xlate_ctx ctx; + push_all_stats__(true); +} +static void +rule_credit_stats(struct rule_dpif *rule, const struct dpif_flow_stats *stats) +{ + rule->packet_count += stats->n_packets; + rule->byte_count += stats->n_bytes; ofproto_rule_update_used(&rule->up, stats->used); - - action_xlate_ctx_init(&ctx, ofproto, &facet->flow, facet->flow.vlan_tci, - rule, 0, NULL); - ctx.resubmit_stats = stats; - xlate_actions_for_side_effects(&ctx, rule->up.ofpacts, - rule->up.ofpacts_len); } /* Subfacets. */ @@ -4946,11 +5192,7 @@ subfacet_find(struct ofproto_dpif *ofproto, /* Searches 'facet' (within 'ofproto') for a subfacet with the specified * 'key_fitness', 'key', and 'key_len' members in 'miss'. Returns the * existing subfacet if there is one, otherwise creates and returns a - * new subfacet. - * - * If the returned subfacet is new, then subfacet->actions will be NULL, in - * which case the caller must populate the actions with - * subfacet_make_actions(). */ + * new subfacet. */ static struct subfacet * subfacet_create(struct facet *facet, struct flow_miss *miss, long long int now) @@ -4988,17 +5230,12 @@ subfacet_create(struct facet *facet, struct flow_miss *miss, subfacet->key = xmemdup(key, key_len); subfacet->key_len = key_len; subfacet->used = now; + subfacet->created = now; subfacet->dp_packet_count = 0; subfacet->dp_byte_count = 0; - subfacet->actions_len = 0; - subfacet->actions = NULL; - subfacet->slow = (subfacet->key_fitness == ODP_FIT_TOO_LITTLE - ? SLOW_MATCH - : 0); subfacet->path = SF_NOT_INSTALLED; - subfacet->initial_tci = miss->initial_tci; - subfacet->odp_in_port = miss->odp_in_port; + ofproto->subfacet_add_count++; return subfacet; } @@ -5010,11 +5247,14 @@ subfacet_destroy__(struct subfacet *subfacet) struct facet *facet = subfacet->facet; struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); + /* Update ofproto stats before uninstall the subfacet. */ + ofproto->subfacet_del_count++; + ofproto->total_subfacet_life_span += (time_msec() - subfacet->created); + subfacet_uninstall(subfacet); hmap_remove(&ofproto->subfacets, &subfacet->hmap_node); list_remove(&subfacet->list_node); free(subfacet->key); - free(subfacet->actions); if (subfacet != &facet->one_subfacet) { free(subfacet); } @@ -5057,38 +5297,7 @@ subfacet_destroy_batch(struct ofproto_dpif *ofproto, subfacet_reset_dp_stats(subfacets[i], &stats[i]); subfacets[i]->path = SF_NOT_INSTALLED; subfacet_destroy(subfacets[i]); - } -} - -/* Composes the datapath actions for 'subfacet' based on its rule's actions. - * Translates the actions into 'odp_actions', which the caller must have - * initialized and is responsible for uninitializing. */ -static void -subfacet_make_actions(struct subfacet *subfacet, const struct ofpbuf *packet, - struct ofpbuf *odp_actions) -{ - struct facet *facet = subfacet->facet; - struct rule_dpif *rule = facet->rule; - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - - struct action_xlate_ctx ctx; - - action_xlate_ctx_init(&ctx, ofproto, &facet->flow, subfacet->initial_tci, - rule, 0, packet); - xlate_actions(&ctx, rule->up.ofpacts, rule->up.ofpacts_len, odp_actions); - facet->tags = ctx.tags; - facet->has_learn = ctx.has_learn; - facet->has_normal = ctx.has_normal; - facet->has_fin_timeout = ctx.has_fin_timeout; - facet->nf_flow.output_iface = ctx.nf_output_iface; - facet->mirrors = ctx.mirrors; - - subfacet->slow = (subfacet->slow & SLOW_MATCH) | ctx.slow; - if (subfacet->actions_len != odp_actions->size - || memcmp(subfacet->actions, odp_actions->data, odp_actions->size)) { - free(subfacet->actions); - subfacet->actions_len = odp_actions->size; - subfacet->actions = xmemdup(odp_actions->data, odp_actions->size); + run_fast_rl(); } } @@ -5099,14 +5308,15 @@ subfacet_make_actions(struct subfacet *subfacet, const struct ofpbuf *packet, * * Returns 0 if successful, otherwise a positive errno value. */ static int -subfacet_install(struct subfacet *subfacet, - const struct nlattr *actions, size_t actions_len, - struct dpif_flow_stats *stats, - enum slow_path_reason slow) +subfacet_install(struct subfacet *subfacet, const struct ofpbuf *odp_actions, + struct dpif_flow_stats *stats) { struct facet *facet = subfacet->facet; struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - enum subfacet_path path = subfacet_want_path(slow); + enum subfacet_path path = facet->xout.slow ? SF_SLOW_PATH : SF_FAST_PATH; + const struct nlattr *actions = odp_actions->data; + size_t actions_len = odp_actions->size; + uint64_t slow_path_stub[128 / 8]; enum dpif_flow_put_flags flags; int ret; @@ -5117,7 +5327,7 @@ subfacet_install(struct subfacet *subfacet, } if (path == SF_SLOW_PATH) { - compose_slow_path(ofproto, &facet->flow, slow, + compose_slow_path(ofproto, &facet->flow, facet->xout.slow, slow_path_stub, sizeof slow_path_stub, &actions, &actions_len); } @@ -5135,13 +5345,6 @@ subfacet_install(struct subfacet *subfacet, return ret; } -static int -subfacet_reinstall(struct subfacet *subfacet, struct dpif_flow_stats *stats) -{ - return subfacet_install(subfacet, subfacet->actions, subfacet->actions_len, - stats, subfacet->slow); -} - /* If 'subfacet' is installed in the datapath, uninstalls it. */ static void subfacet_uninstall(struct subfacet *subfacet) @@ -5185,17 +5388,6 @@ subfacet_reset_dp_stats(struct subfacet *subfacet, subfacet->dp_byte_count = 0; } -/* Updates 'subfacet''s used time. The caller is responsible for calling - * facet_push_stats() to update the flows which 'subfacet' resubmits into. */ -static void -subfacet_update_time(struct subfacet *subfacet, long long int used) -{ - if (used > subfacet->used) { - subfacet->used = used; - facet_update_time(subfacet->facet, used); - } -} - /* Folds the statistics from 'stats' into the counters in 'subfacet'. * * Because of the meaning of a subfacet's counters, it only makes sense to do @@ -5209,12 +5401,11 @@ subfacet_update_stats(struct subfacet *subfacet, if (stats->n_packets || stats->used > subfacet->used) { struct facet *facet = subfacet->facet; - subfacet_update_time(subfacet, stats->used); + subfacet->used = MAX(subfacet->used, stats->used); + facet->used = MAX(facet->used, stats->used); facet->packet_count += stats->n_packets; facet->byte_count += stats->n_bytes; facet->tcp_flags |= stats->tcp_flags; - facet_push_stats(facet); - netflow_flow_update_flags(&facet->nf_flow, stats->tcp_flags); } } @@ -5371,20 +5562,17 @@ static void rule_get_stats(struct rule *rule_, uint64_t *packets, uint64_t *bytes) { struct rule_dpif *rule = rule_dpif_cast(rule_); - struct facet *facet; + + /* push_all_stats() can handle flow misses which, when using the learn + * action, can cause rules to be added and deleted. This can corrupt our + * caller's datastructures which assume that rule_get_stats() doesn't have + * an impact on the flow table. To be safe, we disable miss handling. */ + push_all_stats__(false); /* Start from historical data for 'rule' itself that are no longer tracked * in facets. This counts, for example, facets that have expired. */ *packets = rule->packet_count; *bytes = rule->byte_count; - - /* Add any statistics that are tracked by facets. This includes - * statistical data recently updated by ofproto_update_stats() as well as - * stats for packets that were executed "by hand" via dpif_execute(). */ - LIST_FOR_EACH (facet, list_node, &rule->facets) { - *packets += facet->packet_count; - *bytes += facet->byte_count; - } } static void @@ -5392,26 +5580,24 @@ rule_dpif_execute(struct rule_dpif *rule, const struct flow *flow, struct ofpbuf *packet) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - + struct initial_vals initial_vals; struct dpif_flow_stats stats; - - struct action_xlate_ctx ctx; - uint64_t odp_actions_stub[1024 / 8]; - struct ofpbuf odp_actions; + struct xlate_out xout; + struct xlate_in xin; dpif_flow_stats_extract(flow, packet, time_msec(), &stats); rule_credit_stats(rule, &stats); - ofpbuf_use_stub(&odp_actions, odp_actions_stub, sizeof odp_actions_stub); - action_xlate_ctx_init(&ctx, ofproto, flow, flow->vlan_tci, - rule, stats.tcp_flags, packet); - ctx.resubmit_stats = &stats; - xlate_actions(&ctx, rule->up.ofpacts, rule->up.ofpacts_len, &odp_actions); + initial_vals.vlan_tci = flow->vlan_tci; + xlate_in_init(&xin, ofproto, flow, &initial_vals, rule, stats.tcp_flags, + packet); + xin.resubmit_stats = &stats; + xlate_actions(&xin, &xout); - execute_odp_actions(ofproto, flow, odp_actions.data, - odp_actions.size, packet); + execute_odp_actions(ofproto, flow, xout.odp_actions.data, + xout.odp_actions.size, packet); - ofpbuf_uninit(&odp_actions); + xlate_out_uninit(&xout); } static enum ofperr @@ -5437,88 +5623,59 @@ rule_modify_actions(struct rule *rule_) static int send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet) { - const struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport->up.ofproto); + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport->up.ofproto); uint64_t odp_actions_stub[1024 / 8]; struct ofpbuf key, odp_actions; + struct dpif_flow_stats stats; struct odputil_keybuf keybuf; - uint32_t odp_port; + struct ofpact_output output; + struct xlate_out xout; + struct xlate_in xin; struct flow flow; int error; - flow_extract(packet, 0, 0, NULL, OFPP_LOCAL, &flow); - if (netdev_vport_is_patch(ofport->up.netdev)) { - struct ofproto_dpif *peer_ofproto; - struct dpif_flow_stats stats; - struct ofport_dpif *peer; - struct rule_dpif *rule; - - peer = ofport_get_peer(ofport); - if (!peer) { - return ENODEV; - } - - dpif_flow_stats_extract(&flow, packet, time_msec(), &stats); - netdev_vport_inc_tx(ofport->up.netdev, &stats); - netdev_vport_inc_rx(peer->up.netdev, &stats); - - flow.in_port = peer->up.ofp_port; - peer_ofproto = ofproto_dpif_cast(peer->up.ofproto); - rule = rule_dpif_lookup(peer_ofproto, &flow); - rule_dpif_execute(rule, &flow, packet); - - return 0; - } - ofpbuf_use_stub(&odp_actions, odp_actions_stub, sizeof odp_actions_stub); + ofpbuf_use_stack(&key, &keybuf, sizeof keybuf); - if (ofport->tnl_port) { - struct dpif_flow_stats stats; - - odp_port = tnl_port_send(ofport->tnl_port, &flow); - if (odp_port == OVSP_NONE) { - return ENODEV; - } - - dpif_flow_stats_extract(&flow, packet, time_msec(), &stats); - netdev_vport_inc_tx(ofport->up.netdev, &stats); - odp_put_tunnel_action(&flow.tunnel, &odp_actions); - odp_put_skb_mark_action(flow.skb_mark, &odp_actions); - } else { - odp_port = vsp_realdev_to_vlandev(ofproto, ofport->odp_port, - flow.vlan_tci); - if (odp_port != ofport->odp_port) { - eth_pop_vlan(packet); - flow.vlan_tci = htons(0); - } - } + /* Use OFPP_NONE as the in_port to avoid special packet processing. */ + flow_extract(packet, 0, 0, NULL, OFPP_NONE, &flow); + odp_flow_key_from_flow(&key, &flow, ofp_port_to_odp_port(ofproto, + OFPP_LOCAL)); + dpif_flow_stats_extract(&flow, packet, time_msec(), &stats); - ofpbuf_use_stack(&key, &keybuf, sizeof keybuf); - odp_flow_key_from_flow(&key, &flow, - ofp_port_to_odp_port(ofproto, flow.in_port)); + ofpact_init(&output.ofpact, OFPACT_OUTPUT, sizeof output); + output.port = ofport->up.ofp_port; + output.max_len = 0; - compose_sflow_action(ofproto, &odp_actions, &flow, odp_port); + xlate_in_init(&xin, ofproto, &flow, NULL, NULL, 0, packet); + xin.ofpacts_len = sizeof output; + xin.ofpacts = &output.ofpact; + xin.resubmit_stats = &stats; + xlate_actions(&xin, &xout); - nl_msg_put_u32(&odp_actions, OVS_ACTION_ATTR_OUTPUT, odp_port); error = dpif_execute(ofproto->backer->dpif, key.data, key.size, - odp_actions.data, odp_actions.size, + xout.odp_actions.data, xout.odp_actions.size, packet); - ofpbuf_uninit(&odp_actions); + xlate_out_uninit(&xout); if (error) { - VLOG_WARN_RL(&rl, "%s: failed to send packet on port %"PRIu32" (%s)", - ofproto->up.name, odp_port, strerror(error)); + VLOG_WARN_RL(&rl, "%s: failed to send packet on port %s (%s)", + ofproto->up.name, netdev_get_name(ofport->up.netdev), + strerror(error)); } - ofproto_update_local_port_stats(ofport->up.ofproto, packet->size, 0); + + ofproto->stats.tx_packets++; + ofproto->stats.tx_bytes += packet->size; return error; } /* OpenFlow to datapath action translation. */ -static bool may_receive(const struct ofport_dpif *, struct action_xlate_ctx *); +static bool may_receive(const struct ofport_dpif *, struct xlate_ctx *); static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len, - struct action_xlate_ctx *); -static void xlate_normal(struct action_xlate_ctx *); + struct xlate_ctx *); +static void xlate_normal(struct xlate_ctx *); /* Composes an ODP action for a "slow path" action for 'flow' within 'ofproto'. * The action will state 'slow' as the reason that the action is in the slow @@ -5544,11 +5701,12 @@ compose_slow_path(const struct ofproto_dpif *ofproto, const struct flow *flow, cookie.slow_path.reason = slow; ofpbuf_use_stack(&buf, stub, stub_size); - if (slow & (SLOW_CFM | SLOW_LACP | SLOW_STP)) { + if (slow & (SLOW_CFM | SLOW_BFD | SLOW_LACP | SLOW_STP)) { uint32_t pid = dpif_port_get_pid(ofproto->backer->dpif, UINT32_MAX); - odp_put_userspace_action(pid, &cookie, sizeof cookie, &buf); + odp_put_userspace_action(pid, &cookie, sizeof cookie.slow_path, &buf); } else { - put_userspace_action(ofproto, &buf, flow, &cookie); + put_userspace_action(ofproto, &buf, flow, &cookie, + sizeof cookie.slow_path); } *actionsp = buf.data; *actions_lenp = buf.size; @@ -5558,14 +5716,43 @@ static size_t put_userspace_action(const struct ofproto_dpif *ofproto, struct ofpbuf *odp_actions, const struct flow *flow, - const union user_action_cookie *cookie) + const union user_action_cookie *cookie, + const size_t cookie_size) { uint32_t pid; pid = dpif_port_get_pid(ofproto->backer->dpif, ofp_port_to_odp_port(ofproto, flow->in_port)); - return odp_put_userspace_action(pid, cookie, sizeof *cookie, odp_actions); + return odp_put_userspace_action(pid, cookie, cookie_size, odp_actions); +} + +/* Compose SAMPLE action for sFlow or IPFIX. The given probability is + * the number of packets out of UINT32_MAX to sample. The given + * cookie is passed back in the callback for each sampled packet. + */ +static size_t +compose_sample_action(const struct ofproto_dpif *ofproto, + struct ofpbuf *odp_actions, + const struct flow *flow, + const uint32_t probability, + const union user_action_cookie *cookie, + const size_t cookie_size) +{ + size_t sample_offset, actions_offset; + int cookie_offset; + + sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE); + + nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability); + + actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS); + cookie_offset = put_userspace_action(ofproto, odp_actions, flow, cookie, + cookie_size); + + nl_msg_end_nested(odp_actions, actions_offset); + nl_msg_end_nested(odp_actions, sample_offset); + return cookie_offset; } static void @@ -5600,7 +5787,7 @@ compose_sflow_cookie(const struct ofproto_dpif *ofproto, } } -/* Compose SAMPLE action for sFlow. */ +/* Compose SAMPLE action for sFlow bridge sampling. */ static size_t compose_sflow_action(const struct ofproto_dpif *ofproto, struct ofpbuf *odp_actions, @@ -5609,47 +5796,84 @@ compose_sflow_action(const struct ofproto_dpif *ofproto, { uint32_t probability; union user_action_cookie cookie; - size_t sample_offset, actions_offset; - int cookie_offset; if (!ofproto->sflow || flow->in_port == OFPP_NONE) { return 0; } - sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE); - - /* Number of packets out of UINT_MAX to sample. */ probability = dpif_sflow_get_probability(ofproto->sflow); - nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability); - - actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS); compose_sflow_cookie(ofproto, htons(0), odp_port, odp_port == OVSP_NONE ? 0 : 1, &cookie); - cookie_offset = put_userspace_action(ofproto, odp_actions, flow, &cookie); - nl_msg_end_nested(odp_actions, actions_offset); - nl_msg_end_nested(odp_actions, sample_offset); - return cookie_offset; + return compose_sample_action(ofproto, odp_actions, flow, probability, + &cookie, sizeof cookie.sflow); +} + +static void +compose_flow_sample_cookie(uint16_t probability, uint32_t collector_set_id, + uint32_t obs_domain_id, uint32_t obs_point_id, + union user_action_cookie *cookie) +{ + cookie->type = USER_ACTION_COOKIE_FLOW_SAMPLE; + cookie->flow_sample.probability = probability; + cookie->flow_sample.collector_set_id = collector_set_id; + cookie->flow_sample.obs_domain_id = obs_domain_id; + cookie->flow_sample.obs_point_id = obs_point_id; +} + +static void +compose_ipfix_cookie(union user_action_cookie *cookie) +{ + cookie->type = USER_ACTION_COOKIE_IPFIX; } -/* SAMPLE action must be first action in any given list of actions. - * At this point we do not have all information required to build it. So try to - * build sample action as complete as possible. */ +/* Compose SAMPLE action for IPFIX bridge sampling. */ static void -add_sflow_action(struct action_xlate_ctx *ctx) +compose_ipfix_action(const struct ofproto_dpif *ofproto, + struct ofpbuf *odp_actions, + const struct flow *flow) +{ + uint32_t probability; + union user_action_cookie cookie; + + if (!ofproto->ipfix || flow->in_port == OFPP_NONE) { + return; + } + + probability = dpif_ipfix_get_bridge_exporter_probability(ofproto->ipfix); + compose_ipfix_cookie(&cookie); + + compose_sample_action(ofproto, odp_actions, flow, probability, + &cookie, sizeof cookie.ipfix); +} + +/* SAMPLE action for sFlow must be first action in any given list of + * actions. At this point we do not have all information required to + * build it. So try to build sample action as complete as possible. */ +static void +add_sflow_action(struct xlate_ctx *ctx) { ctx->user_cookie_offset = compose_sflow_action(ctx->ofproto, - ctx->odp_actions, - &ctx->flow, OVSP_NONE); + &ctx->xout->odp_actions, + &ctx->xin->flow, OVSP_NONE); ctx->sflow_odp_port = 0; ctx->sflow_n_outputs = 0; } +/* SAMPLE action for IPFIX must be 1st or 2nd action in any given list + * of actions, eventually after the SAMPLE action for sFlow. */ +static void +add_ipfix_action(struct xlate_ctx *ctx) +{ + compose_ipfix_action(ctx->ofproto, &ctx->xout->odp_actions, + &ctx->xin->flow); +} + /* Fix SAMPLE action according to data collected while composing ODP actions. * We need to fix SAMPLE actions OVS_SAMPLE_ATTR_ACTIONS attribute, i.e. nested * USERSPACE action's user-cookie which is required for sflow. */ static void -fix_sflow_action(struct action_xlate_ctx *ctx) +fix_sflow_action(struct xlate_ctx *ctx) { const struct flow *base = &ctx->base_flow; union user_action_cookie *cookie; @@ -5658,8 +5882,8 @@ fix_sflow_action(struct action_xlate_ctx *ctx) return; } - cookie = ofpbuf_at(ctx->odp_actions, ctx->user_cookie_offset, - sizeof(*cookie)); + cookie = ofpbuf_at(&ctx->xout->odp_actions, ctx->user_cookie_offset, + sizeof cookie->sflow); ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW); compose_sflow_cookie(ctx->ofproto, base->vlan_tci, @@ -5667,19 +5891,19 @@ fix_sflow_action(struct action_xlate_ctx *ctx) } static void -compose_output_action__(struct action_xlate_ctx *ctx, uint16_t ofp_port, +compose_output_action__(struct xlate_ctx *ctx, uint16_t ofp_port, bool check_stp) { const struct ofport_dpif *ofport = get_ofp_port(ctx->ofproto, ofp_port); - ovs_be16 flow_vlan_tci = ctx->flow.vlan_tci; - ovs_be64 flow_tun_id = ctx->flow.tunnel.tun_id; - uint8_t flow_nw_tos = ctx->flow.nw_tos; + ovs_be16 flow_vlan_tci; + uint32_t flow_skb_mark; + uint8_t flow_nw_tos; struct priority_to_dscp *pdscp; uint32_t out_port, odp_port; /* If 'struct flow' gets additional metadata, we'll need to zero it out * before traversing a patch port. */ - BUILD_ASSERT_DECL(FLOW_WC_SEQ == 19); + BUILD_ASSERT_DECL(FLOW_WC_SEQ == 20); if (!ofport) { xlate_report(ctx, "Nonexistent output port"); @@ -5694,7 +5918,7 @@ compose_output_action__(struct action_xlate_ctx *ctx, uint16_t ofp_port, if (netdev_vport_is_patch(ofport->up.netdev)) { struct ofport_dpif *peer = ofport_get_peer(ofport); - struct flow old_flow = ctx->flow; + struct flow old_flow = ctx->xin->flow; const struct ofproto_dpif *peer_ofproto; enum slow_path_reason special; struct ofport_dpif *in_port; @@ -5711,141 +5935,175 @@ compose_output_action__(struct action_xlate_ctx *ctx, uint16_t ofp_port, } ctx->ofproto = ofproto_dpif_cast(peer->up.ofproto); - ctx->flow.in_port = peer->up.ofp_port; - ctx->flow.metadata = htonll(0); - memset(&ctx->flow.tunnel, 0, sizeof ctx->flow.tunnel); - memset(ctx->flow.regs, 0, sizeof ctx->flow.regs); - - in_port = get_ofp_port(ctx->ofproto, ctx->flow.in_port); - special = process_special(ctx->ofproto, &ctx->flow, in_port, - ctx->packet); + ctx->xin->flow.in_port = peer->up.ofp_port; + ctx->xin->flow.metadata = htonll(0); + memset(&ctx->xin->flow.tunnel, 0, sizeof ctx->xin->flow.tunnel); + memset(ctx->xin->flow.regs, 0, sizeof ctx->xin->flow.regs); + + in_port = get_ofp_port(ctx->ofproto, ctx->xin->flow.in_port); + special = process_special(ctx->ofproto, &ctx->xin->flow, in_port, + ctx->xin->packet); if (special) { - ctx->slow |= special; + ctx->xout->slow = special; } else if (!in_port || may_receive(in_port, ctx)) { if (!in_port || stp_forward_in_state(in_port->stp_state)) { - xlate_table_action(ctx, ctx->flow.in_port, 0, true); + xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); } else { /* Forwarding is disabled by STP. Let OFPP_NORMAL and the * learning action look at the packet, then drop it. */ struct flow old_base_flow = ctx->base_flow; - size_t old_size = ctx->odp_actions->size; - xlate_table_action(ctx, ctx->flow.in_port, 0, true); + size_t old_size = ctx->xout->odp_actions.size; + xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); ctx->base_flow = old_base_flow; - ctx->odp_actions->size = old_size; + ctx->xout->odp_actions.size = old_size; } } - ctx->flow = old_flow; + ctx->xin->flow = old_flow; ctx->ofproto = ofproto_dpif_cast(ofport->up.ofproto); - if (ctx->resubmit_stats) { - netdev_vport_inc_tx(ofport->up.netdev, ctx->resubmit_stats); - netdev_vport_inc_rx(peer->up.netdev, ctx->resubmit_stats); + if (ctx->xin->resubmit_stats) { + netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); + netdev_vport_inc_rx(peer->up.netdev, ctx->xin->resubmit_stats); } return; } - pdscp = get_priority(ofport, ctx->flow.skb_priority); + flow_vlan_tci = ctx->xin->flow.vlan_tci; + flow_skb_mark = ctx->xin->flow.skb_mark; + flow_nw_tos = ctx->xin->flow.nw_tos; + + pdscp = get_priority(ofport, ctx->xin->flow.skb_priority); if (pdscp) { - ctx->flow.nw_tos &= ~IP_DSCP_MASK; - ctx->flow.nw_tos |= pdscp->dscp; + ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; + ctx->xin->flow.nw_tos |= pdscp->dscp; } - odp_port = ofp_port_to_odp_port(ctx->ofproto, ofp_port); if (ofport->tnl_port) { - odp_port = tnl_port_send(ofport->tnl_port, &ctx->flow); + /* Save tunnel metadata so that changes made due to + * the Logical (tunnel) Port are not visible for any further + * matches, while explicit set actions on tunnel metadata are. + */ + struct flow_tnl flow_tnl = ctx->xin->flow.tunnel; + odp_port = tnl_port_send(ofport->tnl_port, &ctx->xin->flow); if (odp_port == OVSP_NONE) { xlate_report(ctx, "Tunneling decided against output"); - return; + goto out; /* restore flow_nw_tos */ } - - if (ctx->resubmit_stats) { - netdev_vport_inc_tx(ofport->up.netdev, ctx->resubmit_stats); + if (ctx->xin->flow.tunnel.ip_dst == ctx->orig_tunnel_ip_dst) { + xlate_report(ctx, "Not tunneling to our own address"); + goto out; /* restore flow_nw_tos */ + } + if (ctx->xin->resubmit_stats) { + netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); } out_port = odp_port; - commit_odp_tunnel_action(&ctx->flow, &ctx->base_flow, - ctx->odp_actions); + commit_odp_tunnel_action(&ctx->xin->flow, &ctx->base_flow, + &ctx->xout->odp_actions); + ctx->xin->flow.tunnel = flow_tnl; /* Restore tunnel metadata */ } else { - out_port = vsp_realdev_to_vlandev(ctx->ofproto, odp_port, - ctx->flow.vlan_tci); - if (out_port != odp_port) { - ctx->flow.vlan_tci = htons(0); + uint16_t vlandev_port; + odp_port = ofport->odp_port; + vlandev_port = vsp_realdev_to_vlandev(ctx->ofproto, ofp_port, + ctx->xin->flow.vlan_tci); + if (vlandev_port == ofp_port) { + out_port = odp_port; + } else { + out_port = ofp_port_to_odp_port(ctx->ofproto, vlandev_port); + ctx->xin->flow.vlan_tci = htons(0); } + ctx->xin->flow.skb_mark &= ~IPSEC_MARK; } - commit_odp_actions(&ctx->flow, &ctx->base_flow, ctx->odp_actions); - nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_OUTPUT, out_port); + commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, + &ctx->xout->odp_actions); + nl_msg_put_u32(&ctx->xout->odp_actions, OVS_ACTION_ATTR_OUTPUT, out_port); ctx->sflow_odp_port = odp_port; ctx->sflow_n_outputs++; - ctx->nf_output_iface = ofp_port; - ctx->flow.tunnel.tun_id = flow_tun_id; - ctx->flow.vlan_tci = flow_vlan_tci; - ctx->flow.nw_tos = flow_nw_tos; + ctx->xout->nf_output_iface = ofp_port; + + /* Restore flow */ + ctx->xin->flow.vlan_tci = flow_vlan_tci; + ctx->xin->flow.skb_mark = flow_skb_mark; + out: + ctx->xin->flow.nw_tos = flow_nw_tos; } static void -compose_output_action(struct action_xlate_ctx *ctx, uint16_t ofp_port) +compose_output_action(struct xlate_ctx *ctx, uint16_t ofp_port) { compose_output_action__(ctx, ofp_port, true); } static void -xlate_table_action(struct action_xlate_ctx *ctx, +tag_the_flow(struct xlate_ctx *ctx, struct rule_dpif *rule) +{ + struct ofproto_dpif *ofproto = ctx->ofproto; + uint8_t table_id = ctx->table_id; + + if (table_id > 0 && table_id < N_TABLES) { + struct table_dpif *table = &ofproto->tables[table_id]; + if (table->other_table) { + ctx->xout->tags |= (rule && rule->tag + ? rule->tag + : rule_calculate_tag(&ctx->xin->flow, + &table->other_table->mask, + table->basis)); + } + } +} + +/* Common rule processing in one place to avoid duplicating code. */ +static struct rule_dpif * +ctx_rule_hooks(struct xlate_ctx *ctx, struct rule_dpif *rule, + bool may_packet_in) +{ + if (ctx->xin->resubmit_hook) { + ctx->xin->resubmit_hook(ctx, rule); + } + if (rule == NULL && may_packet_in) { + /* XXX + * check if table configuration flags + * OFPTC_TABLE_MISS_CONTROLLER, default. + * OFPTC_TABLE_MISS_CONTINUE, + * OFPTC_TABLE_MISS_DROP + * When OF1.0, OFPTC_TABLE_MISS_CONTINUE is used. What to do? + */ + rule = rule_dpif_miss_rule(ctx->ofproto, &ctx->xin->flow); + } + if (rule && ctx->xin->resubmit_stats) { + rule_credit_stats(rule, ctx->xin->resubmit_stats); + } + return rule; +} + +static void +xlate_table_action(struct xlate_ctx *ctx, uint16_t in_port, uint8_t table_id, bool may_packet_in) { if (ctx->recurse < MAX_RESUBMIT_RECURSION) { - struct ofproto_dpif *ofproto = ctx->ofproto; struct rule_dpif *rule; - uint16_t old_in_port; - uint8_t old_table_id; + uint16_t old_in_port = ctx->xin->flow.in_port; + uint8_t old_table_id = ctx->table_id; - old_table_id = ctx->table_id; ctx->table_id = table_id; /* Look up a flow with 'in_port' as the input port. */ - old_in_port = ctx->flow.in_port; - ctx->flow.in_port = in_port; - rule = rule_dpif_lookup__(ofproto, &ctx->flow, table_id); - - /* Tag the flow. */ - if (table_id > 0 && table_id < N_TABLES) { - struct table_dpif *table = &ofproto->tables[table_id]; - if (table->other_table) { - ctx->tags |= (rule && rule->tag - ? rule->tag - : rule_calculate_tag(&ctx->flow, - &table->other_table->mask, - table->basis)); - } - } + ctx->xin->flow.in_port = in_port; + rule = rule_dpif_lookup__(ctx->ofproto, &ctx->xin->flow, table_id); + + tag_the_flow(ctx, rule); /* Restore the original input port. Otherwise OFPP_NORMAL and * OFPP_IN_PORT will have surprising behavior. */ - ctx->flow.in_port = old_in_port; + ctx->xin->flow.in_port = old_in_port; - if (ctx->resubmit_hook) { - ctx->resubmit_hook(ctx, rule); - } - - if (rule == NULL && may_packet_in) { - /* XXX - * check if table configuration flags - * OFPTC_TABLE_MISS_CONTROLLER, default. - * OFPTC_TABLE_MISS_CONTINUE, - * OFPTC_TABLE_MISS_DROP - * When OF1.0, OFPTC_TABLE_MISS_CONTINUE is used. What to do? - */ - rule = rule_dpif_miss_rule(ofproto, &ctx->flow); - } + rule = ctx_rule_hooks(ctx, rule, may_packet_in); if (rule) { struct rule_dpif *old_rule = ctx->rule; - if (ctx->resubmit_stats) { - rule_credit_stats(rule, ctx->resubmit_stats); - } - ctx->recurse++; ctx->rule = rule; do_xlate_actions(rule->up.ofpacts, rule->up.ofpacts_len, ctx); @@ -5864,7 +6122,7 @@ xlate_table_action(struct action_xlate_ctx *ctx, } static void -xlate_ofpact_resubmit(struct action_xlate_ctx *ctx, +xlate_ofpact_resubmit(struct xlate_ctx *ctx, const struct ofpact_resubmit *resubmit) { uint16_t in_port; @@ -5872,7 +6130,7 @@ xlate_ofpact_resubmit(struct action_xlate_ctx *ctx, in_port = resubmit->in_port; if (in_port == OFPP_IN_PORT) { - in_port = ctx->flow.in_port; + in_port = ctx->xin->flow.in_port; } table_id = resubmit->table_id; @@ -5884,14 +6142,14 @@ xlate_ofpact_resubmit(struct action_xlate_ctx *ctx, } static void -flood_packets(struct action_xlate_ctx *ctx, bool all) +flood_packets(struct xlate_ctx *ctx, bool all) { struct ofport_dpif *ofport; HMAP_FOR_EACH (ofport, up.hmap_node, &ctx->ofproto->up.ports) { uint16_t ofp_port = ofport->up.ofp_port; - if (ofp_port == ctx->flow.in_port) { + if (ofp_port == ctx->xin->flow.in_port) { continue; } @@ -5902,23 +6160,24 @@ flood_packets(struct action_xlate_ctx *ctx, bool all) } } - ctx->nf_output_iface = NF_OUT_FLOOD; + ctx->xout->nf_output_iface = NF_OUT_FLOOD; } static void -execute_controller_action(struct action_xlate_ctx *ctx, int len, +execute_controller_action(struct xlate_ctx *ctx, int len, enum ofp_packet_in_reason reason, uint16_t controller_id) { struct ofputil_packet_in pin; struct ofpbuf *packet; - ctx->slow |= SLOW_CONTROLLER; - if (!ctx->packet) { + ovs_assert(!ctx->xout->slow || ctx->xout->slow == SLOW_CONTROLLER); + ctx->xout->slow = SLOW_CONTROLLER; + if (!ctx->xin->packet) { return; } - packet = ofpbuf_clone(ctx->packet); + packet = ofpbuf_clone(ctx->xin->packet); if (packet->l2 && packet->l3) { struct eth_header *eh; @@ -5927,36 +6186,37 @@ execute_controller_action(struct action_xlate_ctx *ctx, int len, eth_pop_vlan(packet); eh = packet->l2; - memcpy(eh->eth_src, ctx->flow.dl_src, sizeof eh->eth_src); - memcpy(eh->eth_dst, ctx->flow.dl_dst, sizeof eh->eth_dst); + memcpy(eh->eth_src, ctx->xin->flow.dl_src, sizeof eh->eth_src); + memcpy(eh->eth_dst, ctx->xin->flow.dl_dst, sizeof eh->eth_dst); - if (ctx->flow.vlan_tci & htons(VLAN_CFI)) { - eth_push_vlan(packet, ctx->flow.vlan_tci); + if (ctx->xin->flow.vlan_tci & htons(VLAN_CFI)) { + eth_push_vlan(packet, ctx->xin->flow.vlan_tci); } mpls_depth = eth_mpls_depth(packet); - if (mpls_depth < ctx->flow.mpls_depth) { - push_mpls(packet, ctx->flow.dl_type, ctx->flow.mpls_lse); - } else if (mpls_depth > ctx->flow.mpls_depth) { - pop_mpls(packet, ctx->flow.dl_type); + if (mpls_depth < ctx->xin->flow.mpls_depth) { + push_mpls(packet, ctx->xin->flow.dl_type, ctx->xin->flow.mpls_lse); + } else if (mpls_depth > ctx->xin->flow.mpls_depth) { + pop_mpls(packet, ctx->xin->flow.dl_type); } else if (mpls_depth) { - set_mpls_lse(packet, ctx->flow.mpls_lse); + set_mpls_lse(packet, ctx->xin->flow.mpls_lse); } if (packet->l4) { - if (ctx->flow.dl_type == htons(ETH_TYPE_IP)) { - packet_set_ipv4(packet, ctx->flow.nw_src, ctx->flow.nw_dst, - ctx->flow.nw_tos, ctx->flow.nw_ttl); + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { + packet_set_ipv4(packet, ctx->xin->flow.nw_src, + ctx->xin->flow.nw_dst, ctx->xin->flow.nw_tos, + ctx->xin->flow.nw_ttl); } if (packet->l7) { - if (ctx->flow.nw_proto == IPPROTO_TCP) { - packet_set_tcp_port(packet, ctx->flow.tp_src, - ctx->flow.tp_dst); - } else if (ctx->flow.nw_proto == IPPROTO_UDP) { - packet_set_udp_port(packet, ctx->flow.tp_src, - ctx->flow.tp_dst); + if (ctx->xin->flow.nw_proto == IPPROTO_TCP) { + packet_set_tcp_port(packet, ctx->xin->flow.tp_src, + ctx->xin->flow.tp_dst); + } else if (ctx->xin->flow.nw_proto == IPPROTO_UDP) { + packet_set_udp_port(packet, ctx->xin->flow.tp_src, + ctx->xin->flow.tp_dst); } } } @@ -5970,64 +6230,62 @@ execute_controller_action(struct action_xlate_ctx *ctx, int len, pin.cookie = ctx->rule ? ctx->rule->up.flow_cookie : 0; pin.send_len = len; - flow_get_metadata(&ctx->flow, &pin.fmd); + flow_get_metadata(&ctx->xin->flow, &pin.fmd); connmgr_send_packet_in(ctx->ofproto->up.connmgr, &pin); ofpbuf_delete(packet); } static void -execute_mpls_push_action(struct action_xlate_ctx *ctx, ovs_be16 eth_type) +execute_mpls_push_action(struct xlate_ctx *ctx, ovs_be16 eth_type) { ovs_assert(eth_type_mpls(eth_type)); if (ctx->base_flow.mpls_depth) { - ctx->flow.mpls_lse &= ~htonl(MPLS_BOS_MASK); - ctx->flow.mpls_depth++; + ctx->xin->flow.mpls_lse &= ~htonl(MPLS_BOS_MASK); + ctx->xin->flow.mpls_depth++; } else { ovs_be32 label; uint8_t tc, ttl; - if (ctx->flow.dl_type == htons(ETH_TYPE_IPV6)) { + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IPV6)) { label = htonl(0x2); /* IPV6 Explicit Null. */ } else { label = htonl(0x0); /* IPV4 Explicit Null. */ } - tc = (ctx->flow.nw_tos & IP_DSCP_MASK) >> 2; - ttl = ctx->flow.nw_ttl ? ctx->flow.nw_ttl : 0x40; - ctx->flow.mpls_lse = set_mpls_lse_values(ttl, tc, 1, label); - ctx->flow.encap_dl_type = ctx->flow.dl_type; - ctx->flow.mpls_depth = 1; + tc = (ctx->xin->flow.nw_tos & IP_DSCP_MASK) >> 2; + ttl = ctx->xin->flow.nw_ttl ? ctx->xin->flow.nw_ttl : 0x40; + ctx->xin->flow.mpls_lse = set_mpls_lse_values(ttl, tc, 1, label); + ctx->xin->flow.mpls_depth = 1; } - ctx->flow.dl_type = eth_type; + ctx->xin->flow.dl_type = eth_type; } static void -execute_mpls_pop_action(struct action_xlate_ctx *ctx, ovs_be16 eth_type) +execute_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type) { - ovs_assert(eth_type_mpls(ctx->flow.dl_type)); + ovs_assert(eth_type_mpls(ctx->xin->flow.dl_type)); ovs_assert(!eth_type_mpls(eth_type)); - if (ctx->flow.mpls_depth) { - ctx->flow.mpls_depth--; - ctx->flow.mpls_lse = htonl(0); - if (!ctx->flow.mpls_depth) { - ctx->flow.dl_type = eth_type; - ctx->flow.encap_dl_type = htons(0); + if (ctx->xin->flow.mpls_depth) { + ctx->xin->flow.mpls_depth--; + ctx->xin->flow.mpls_lse = htonl(0); + if (!ctx->xin->flow.mpls_depth) { + ctx->xin->flow.dl_type = eth_type; } } } static bool -compose_dec_ttl(struct action_xlate_ctx *ctx, struct ofpact_cnt_ids *ids) +compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids) { - if (ctx->flow.dl_type != htons(ETH_TYPE_IP) && - ctx->flow.dl_type != htons(ETH_TYPE_IPV6)) { + if (ctx->xin->flow.dl_type != htons(ETH_TYPE_IP) && + ctx->xin->flow.dl_type != htons(ETH_TYPE_IPV6)) { return false; } - if (ctx->flow.nw_ttl > 1) { - ctx->flow.nw_ttl--; + if (ctx->xin->flow.nw_ttl > 1) { + ctx->xin->flow.nw_ttl--; return false; } else { size_t i; @@ -6043,28 +6301,28 @@ compose_dec_ttl(struct action_xlate_ctx *ctx, struct ofpact_cnt_ids *ids) } static bool -execute_set_mpls_ttl_action(struct action_xlate_ctx *ctx, uint8_t ttl) +execute_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl) { - if (!eth_type_mpls(ctx->flow.dl_type)) { + if (!eth_type_mpls(ctx->xin->flow.dl_type)) { return true; } - set_mpls_lse_ttl(&ctx->flow.mpls_lse, ttl); + set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); return false; } static bool -execute_dec_mpls_ttl_action(struct action_xlate_ctx *ctx) +execute_dec_mpls_ttl_action(struct xlate_ctx *ctx) { - uint8_t ttl = mpls_lse_to_ttl(ctx->flow.mpls_lse); + uint8_t ttl = mpls_lse_to_ttl(ctx->xin->flow.mpls_lse); - if (!eth_type_mpls(ctx->flow.dl_type)) { + if (!eth_type_mpls(ctx->xin->flow.dl_type)) { return false; } - if (ttl > 0) { + if (ttl > 1) { ttl--; - set_mpls_lse_ttl(&ctx->flow.mpls_lse, ttl); + set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); return false; } else { execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0); @@ -6075,19 +6333,19 @@ execute_dec_mpls_ttl_action(struct action_xlate_ctx *ctx) } static void -xlate_output_action(struct action_xlate_ctx *ctx, +xlate_output_action(struct xlate_ctx *ctx, uint16_t port, uint16_t max_len, bool may_packet_in) { - uint16_t prev_nf_output_iface = ctx->nf_output_iface; + uint16_t prev_nf_output_iface = ctx->xout->nf_output_iface; - ctx->nf_output_iface = NF_OUT_DROP; + ctx->xout->nf_output_iface = NF_OUT_DROP; switch (port) { case OFPP_IN_PORT: - compose_output_action(ctx, ctx->flow.in_port); + compose_output_action(ctx, ctx->xin->flow.in_port); break; case OFPP_TABLE: - xlate_table_action(ctx, ctx->flow.in_port, 0, may_packet_in); + xlate_table_action(ctx, ctx->xin->flow.in_port, 0, may_packet_in); break; case OFPP_NORMAL: xlate_normal(ctx); @@ -6105,7 +6363,7 @@ xlate_output_action(struct action_xlate_ctx *ctx, break; case OFPP_LOCAL: default: - if (port != ctx->flow.in_port) { + if (port != ctx->xin->flow.in_port) { compose_output_action(ctx, port); } else { xlate_report(ctx, "skipping output to input port"); @@ -6114,27 +6372,27 @@ xlate_output_action(struct action_xlate_ctx *ctx, } if (prev_nf_output_iface == NF_OUT_FLOOD) { - ctx->nf_output_iface = NF_OUT_FLOOD; - } else if (ctx->nf_output_iface == NF_OUT_DROP) { - ctx->nf_output_iface = prev_nf_output_iface; + ctx->xout->nf_output_iface = NF_OUT_FLOOD; + } else if (ctx->xout->nf_output_iface == NF_OUT_DROP) { + ctx->xout->nf_output_iface = prev_nf_output_iface; } else if (prev_nf_output_iface != NF_OUT_DROP && - ctx->nf_output_iface != NF_OUT_FLOOD) { - ctx->nf_output_iface = NF_OUT_MULTI; + ctx->xout->nf_output_iface != NF_OUT_FLOOD) { + ctx->xout->nf_output_iface = NF_OUT_MULTI; } } static void -xlate_output_reg_action(struct action_xlate_ctx *ctx, +xlate_output_reg_action(struct xlate_ctx *ctx, const struct ofpact_output_reg *or) { - uint64_t port = mf_get_subfield(&or->src, &ctx->flow); + uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow); if (port <= UINT16_MAX) { xlate_output_action(ctx, port, or->max_len, false); } } static void -xlate_enqueue_action(struct action_xlate_ctx *ctx, +xlate_enqueue_action(struct xlate_ctx *ctx, const struct ofpact_enqueue *enqueue) { uint16_t ofp_port = enqueue->port; @@ -6153,44 +6411,39 @@ xlate_enqueue_action(struct action_xlate_ctx *ctx, /* Check output port. */ if (ofp_port == OFPP_IN_PORT) { - ofp_port = ctx->flow.in_port; - } else if (ofp_port == ctx->flow.in_port) { + ofp_port = ctx->xin->flow.in_port; + } else if (ofp_port == ctx->xin->flow.in_port) { return; } /* Add datapath actions. */ - flow_priority = ctx->flow.skb_priority; - ctx->flow.skb_priority = priority; + flow_priority = ctx->xin->flow.skb_priority; + ctx->xin->flow.skb_priority = priority; compose_output_action(ctx, ofp_port); - ctx->flow.skb_priority = flow_priority; + ctx->xin->flow.skb_priority = flow_priority; /* Update NetFlow output port. */ - if (ctx->nf_output_iface == NF_OUT_DROP) { - ctx->nf_output_iface = ofp_port; - } else if (ctx->nf_output_iface != NF_OUT_FLOOD) { - ctx->nf_output_iface = NF_OUT_MULTI; + if (ctx->xout->nf_output_iface == NF_OUT_DROP) { + ctx->xout->nf_output_iface = ofp_port; + } else if (ctx->xout->nf_output_iface != NF_OUT_FLOOD) { + ctx->xout->nf_output_iface = NF_OUT_MULTI; } } static void -xlate_set_queue_action(struct action_xlate_ctx *ctx, uint32_t queue_id) +xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id) { uint32_t skb_priority; if (!dpif_queue_to_priority(ctx->ofproto->backer->dpif, queue_id, &skb_priority)) { - ctx->flow.skb_priority = skb_priority; + ctx->xin->flow.skb_priority = skb_priority; } else { /* Couldn't translate queue to a priority. Nothing to do. A warning * has already been logged. */ } } -struct xlate_reg_state { - ovs_be16 vlan_tci; - ovs_be64 tun_id; -}; - static bool slave_enabled_cb(uint16_t ofp_port, void *ofproto_) { @@ -6214,21 +6467,22 @@ slave_enabled_cb(uint16_t ofp_port, void *ofproto_) } static void -xlate_bundle_action(struct action_xlate_ctx *ctx, +xlate_bundle_action(struct xlate_ctx *ctx, const struct ofpact_bundle *bundle) { uint16_t port; - port = bundle_execute(bundle, &ctx->flow, slave_enabled_cb, ctx->ofproto); + port = bundle_execute(bundle, &ctx->xin->flow, slave_enabled_cb, + ctx->ofproto); if (bundle->dst.field) { - nxm_reg_load(&bundle->dst, port, &ctx->flow); + nxm_reg_load(&bundle->dst, port, &ctx->xin->flow); } else { xlate_output_action(ctx, port, 0, false); } } static void -xlate_learn_action(struct action_xlate_ctx *ctx, +xlate_learn_action(struct xlate_ctx *ctx, const struct ofpact_learn *learn) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); @@ -6238,7 +6492,7 @@ xlate_learn_action(struct action_xlate_ctx *ctx, int error; ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub); - learn_execute(learn, &ctx->flow, &fm, &ofpacts); + learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts); error = ofproto_flow_mod(&ctx->ofproto->up, &fm); if (error && !VLOG_DROP_WARN(&rl)) { @@ -6260,10 +6514,10 @@ reduce_timeout(uint16_t max, uint16_t *timeout) } static void -xlate_fin_timeout(struct action_xlate_ctx *ctx, +xlate_fin_timeout(struct xlate_ctx *ctx, const struct ofpact_fin_timeout *oft) { - if (ctx->tcp_flags & (TCP_FIN | TCP_RST) && ctx->rule) { + if (ctx->xin->tcp_flags & (TCP_FIN | TCP_RST) && ctx->rule) { struct rule_dpif *rule = ctx->rule; reduce_timeout(oft->fin_idle_timeout, &rule->up.idle_timeout); @@ -6271,10 +6525,29 @@ xlate_fin_timeout(struct action_xlate_ctx *ctx, } } +static void +xlate_sample_action(struct xlate_ctx *ctx, + const struct ofpact_sample *os) +{ + union user_action_cookie cookie; + /* Scale the probability from 16-bit to 32-bit while representing + * the same percentage. */ + uint32_t probability = (os->probability << 16) | os->probability; + + commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, + &ctx->xout->odp_actions); + + compose_flow_sample_cookie(os->probability, os->collector_set_id, + os->obs_domain_id, os->obs_point_id, &cookie); + compose_sample_action(ctx->ofproto, &ctx->xout->odp_actions, &ctx->xin->flow, + probability, &cookie, sizeof cookie.flow_sample); +} + static bool -may_receive(const struct ofport_dpif *port, struct action_xlate_ctx *ctx) +may_receive(const struct ofport_dpif *port, struct xlate_ctx *ctx) { - if (port->up.pp.config & (eth_addr_equals(ctx->flow.dl_dst, eth_addr_stp) + if (port->up.pp.config & (eth_addr_equals(ctx->xin->flow.dl_dst, + eth_addr_stp) ? OFPUTIL_PC_NO_RECV_STP : OFPUTIL_PC_NO_RECV)) { return false; @@ -6292,9 +6565,27 @@ may_receive(const struct ofport_dpif *port, struct action_xlate_ctx *ctx) return true; } +static bool +tunnel_ecn_ok(struct xlate_ctx *ctx) +{ + if (is_ip_any(&ctx->base_flow) + && (ctx->xin->flow.tunnel.ip_tos & IP_ECN_MASK) == IP_ECN_CE) { + if ((ctx->base_flow.nw_tos & IP_ECN_MASK) == IP_ECN_NOT_ECT) { + VLOG_WARN_RL(&rl, "dropping tunnel packet marked ECN CE" + " but is not ECN capable"); + return false; + } else { + /* Set the ECN CE value in the tunneled packet. */ + ctx->xin->flow.nw_tos |= IP_ECN_CE; + } + } + + return true; +} + static void do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, - struct action_xlate_ctx *ctx) + struct xlate_ctx *ctx) { bool was_evictable = true; const struct ofpact *a; @@ -6304,6 +6595,8 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, was_evictable = ctx->rule->up.evictable; ctx->rule->up.evictable = false; } + + do_xlate_actions_again: OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) { struct ofpact_controller *controller; const struct ofpact_metadata *metadata; @@ -6330,59 +6623,70 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, break; case OFPACT_SET_VLAN_VID: - ctx->flow.vlan_tci &= ~htons(VLAN_VID_MASK); - ctx->flow.vlan_tci |= (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid) - | htons(VLAN_CFI)); + ctx->xin->flow.vlan_tci &= ~htons(VLAN_VID_MASK); + ctx->xin->flow.vlan_tci |= + (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid) + | htons(VLAN_CFI)); break; case OFPACT_SET_VLAN_PCP: - ctx->flow.vlan_tci &= ~htons(VLAN_PCP_MASK); - ctx->flow.vlan_tci |= htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp - << VLAN_PCP_SHIFT) - | VLAN_CFI); + ctx->xin->flow.vlan_tci &= ~htons(VLAN_PCP_MASK); + ctx->xin->flow.vlan_tci |= + htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp << VLAN_PCP_SHIFT) + | VLAN_CFI); break; case OFPACT_STRIP_VLAN: - ctx->flow.vlan_tci = htons(0); + ctx->xin->flow.vlan_tci = htons(0); break; case OFPACT_PUSH_VLAN: /* XXX 802.1AD(QinQ) */ - ctx->flow.vlan_tci = htons(VLAN_CFI); + ctx->xin->flow.vlan_tci = htons(VLAN_CFI); break; case OFPACT_SET_ETH_SRC: - memcpy(ctx->flow.dl_src, ofpact_get_SET_ETH_SRC(a)->mac, + memcpy(ctx->xin->flow.dl_src, ofpact_get_SET_ETH_SRC(a)->mac, ETH_ADDR_LEN); break; case OFPACT_SET_ETH_DST: - memcpy(ctx->flow.dl_dst, ofpact_get_SET_ETH_DST(a)->mac, + memcpy(ctx->xin->flow.dl_dst, ofpact_get_SET_ETH_DST(a)->mac, ETH_ADDR_LEN); break; case OFPACT_SET_IPV4_SRC: - ctx->flow.nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4; + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { + ctx->xin->flow.nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4; + } break; case OFPACT_SET_IPV4_DST: - ctx->flow.nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4; + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { + ctx->xin->flow.nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4; + } break; case OFPACT_SET_IPV4_DSCP: /* OpenFlow 1.0 only supports IPv4. */ - if (ctx->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->flow.nw_tos &= ~IP_DSCP_MASK; - ctx->flow.nw_tos |= ofpact_get_SET_IPV4_DSCP(a)->dscp; + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { + ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; + ctx->xin->flow.nw_tos |= ofpact_get_SET_IPV4_DSCP(a)->dscp; } break; case OFPACT_SET_L4_SRC_PORT: - ctx->flow.tp_src = htons(ofpact_get_SET_L4_SRC_PORT(a)->port); + if (is_ip_any(&ctx->xin->flow)) { + ctx->xin->flow.tp_src = + htons(ofpact_get_SET_L4_SRC_PORT(a)->port); + } break; case OFPACT_SET_L4_DST_PORT: - ctx->flow.tp_dst = htons(ofpact_get_SET_L4_DST_PORT(a)->port); + if (is_ip_any(&ctx->xin->flow)) { + ctx->xin->flow.tp_dst = + htons(ofpact_get_SET_L4_DST_PORT(a)->port); + } break; case OFPACT_RESUBMIT: @@ -6390,7 +6694,8 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, break; case OFPACT_SET_TUNNEL: - ctx->flow.tunnel.tun_id = htonll(ofpact_get_SET_TUNNEL(a)->tun_id); + ctx->xin->flow.tunnel.tun_id = + htonll(ofpact_get_SET_TUNNEL(a)->tun_id); break; case OFPACT_SET_QUEUE: @@ -6398,24 +6703,24 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, break; case OFPACT_POP_QUEUE: - ctx->flow.skb_priority = ctx->orig_skb_priority; + ctx->xin->flow.skb_priority = ctx->orig_skb_priority; break; case OFPACT_REG_MOVE: - nxm_execute_reg_move(ofpact_get_REG_MOVE(a), &ctx->flow); + nxm_execute_reg_move(ofpact_get_REG_MOVE(a), &ctx->xin->flow); break; case OFPACT_REG_LOAD: - nxm_execute_reg_load(ofpact_get_REG_LOAD(a), &ctx->flow); + nxm_execute_reg_load(ofpact_get_REG_LOAD(a), &ctx->xin->flow); break; case OFPACT_STACK_PUSH: - nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), &ctx->flow, + nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), &ctx->xin->flow, &ctx->stack); break; case OFPACT_STACK_POP: - nxm_execute_stack_pop(ofpact_get_STACK_POP(a), &ctx->flow, + nxm_execute_stack_pop(ofpact_get_STACK_POP(a), &ctx->xin->flow, &ctx->stack); break; @@ -6428,7 +6733,8 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, break; case OFPACT_SET_MPLS_TTL: - if (execute_set_mpls_ttl_action(ctx, ofpact_get_SET_MPLS_TTL(a)->ttl)) { + if (execute_set_mpls_ttl_action(ctx, + ofpact_get_SET_MPLS_TTL(a)->ttl)) { goto out; } break; @@ -6450,7 +6756,7 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, break; case OFPACT_MULTIPATH: - multipath_execute(ofpact_get_MULTIPATH(a), &ctx->flow); + multipath_execute(ofpact_get_MULTIPATH(a), &ctx->xin->flow); break; case OFPACT_BUNDLE: @@ -6463,8 +6769,8 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, break; case OFPACT_LEARN: - ctx->has_learn = true; - if (ctx->may_learn) { + ctx->xout->has_learn = true; + if (ctx->xin->may_learn) { xlate_learn_action(ctx, ofpact_get_LEARN(a)); } break; @@ -6474,7 +6780,7 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, break; case OFPACT_FIN_TIMEOUT: - ctx->has_fin_timeout = true; + ctx->xout->has_fin_timeout = true; xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a)); break; @@ -6488,18 +6794,45 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, case OFPACT_WRITE_METADATA: metadata = ofpact_get_WRITE_METADATA(a); - ctx->flow.metadata &= ~metadata->mask; - ctx->flow.metadata |= metadata->metadata & metadata->mask; + ctx->xin->flow.metadata &= ~metadata->mask; + ctx->xin->flow.metadata |= metadata->metadata & metadata->mask; break; case OFPACT_GOTO_TABLE: { - /* XXX remove recursion */ - /* It is assumed that goto-table is last action */ + /* It is assumed that goto-table is the last action. */ struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a); + struct rule_dpif *rule; + ovs_assert(ctx->table_id < ogt->table_id); - xlate_table_action(ctx, ctx->flow.in_port, ogt->table_id, true); + + ctx->table_id = ogt->table_id; + + /* Look up a flow from the new table. */ + rule = rule_dpif_lookup__(ctx->ofproto, &ctx->xin->flow, ctx->table_id); + + tag_the_flow(ctx, rule); + + rule = ctx_rule_hooks(ctx, rule, true); + + if (rule) { + if (ctx->rule) { + ctx->rule->up.evictable = was_evictable; + } + ctx->rule = rule; + was_evictable = rule->up.evictable; + rule->up.evictable = false; + + /* Tail recursion removal. */ + ofpacts = rule->up.ofpacts; + ofpacts_len = rule->up.ofpacts_len; + goto do_xlate_actions_again; + } break; } + + case OFPACT_SAMPLE: + xlate_sample_action(ctx, ofpact_get_SAMPLE(a)); + break; } } @@ -6510,55 +6843,43 @@ out: } static void -action_xlate_ctx_init(struct action_xlate_ctx *ctx, - struct ofproto_dpif *ofproto, const struct flow *flow, - ovs_be16 initial_tci, struct rule_dpif *rule, - uint8_t tcp_flags, const struct ofpbuf *packet) +xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto, + const struct flow *flow, + const struct initial_vals *initial_vals, + struct rule_dpif *rule, uint8_t tcp_flags, + const struct ofpbuf *packet) { - ovs_be64 initial_tun_id = flow->tunnel.tun_id; + xin->ofproto = ofproto; + xin->flow = *flow; + xin->packet = packet; + xin->may_learn = packet != NULL; + xin->rule = rule; + xin->ofpacts = NULL; + xin->ofpacts_len = 0; + xin->tcp_flags = tcp_flags; + xin->resubmit_hook = NULL; + xin->report_hook = NULL; + xin->resubmit_stats = NULL; - /* Flow initialization rules: - * - 'base_flow' must match the kernel's view of the packet at the - * time that action processing starts. 'flow' represents any - * transformations we wish to make through actions. - * - By default 'base_flow' and 'flow' are the same since the input - * packet matches the output before any actions are applied. - * - When using VLAN splinters, 'base_flow''s VLAN is set to the value - * of the received packet as seen by the kernel. If we later output - * to another device without any modifications this will cause us to - * insert a new tag since the original one was stripped off by the - * VLAN device. - * - Tunnel 'flow' is largely cleared when transitioning between - * the input and output stages since it does not make sense to output - * a packet with the exact headers that it was received with (i.e. - * the destination IP is us). The one exception is the tun_id, which - * is preserved to allow use in later resubmit lookups and loads into - * registers. - * - Tunnel 'base_flow' is completely cleared since that is what the - * kernel does. If we wish to maintain the original values an action - * needs to be generated. */ + if (initial_vals) { + xin->initial_vals = *initial_vals; + } else { + xin->initial_vals.vlan_tci = xin->flow.vlan_tci; + } +} - ctx->ofproto = ofproto; - ctx->flow = *flow; - memset(&ctx->flow.tunnel, 0, sizeof ctx->flow.tunnel); - ctx->base_flow = ctx->flow; - ctx->base_flow.vlan_tci = initial_tci; - ctx->flow.tunnel.tun_id = initial_tun_id; - ctx->rule = rule; - ctx->packet = packet; - ctx->may_learn = packet != NULL; - ctx->tcp_flags = tcp_flags; - ctx->resubmit_hook = NULL; - ctx->report_hook = NULL; - ctx->resubmit_stats = NULL; +static void +xlate_out_uninit(struct xlate_out *xout) +{ + if (xout) { + ofpbuf_uninit(&xout->odp_actions); + } } /* Translates the 'ofpacts_len' bytes of "struct ofpacts" starting at 'ofpacts' * into datapath actions in 'odp_actions', using 'ctx'. */ static void -xlate_actions(struct action_xlate_ctx *ctx, - const struct ofpact *ofpacts, size_t ofpacts_len, - struct ofpbuf *odp_actions) +xlate_actions(struct xlate_in *xin, struct xlate_out *xout) { /* Normally false. Set to true if we ever hit MAX_RESUBMIT_RECURSION, so * that in the future we always keep a copy of the original flow for @@ -6566,42 +6887,88 @@ xlate_actions(struct action_xlate_ctx *ctx, static bool hit_resubmit_limit; enum slow_path_reason special; + const struct ofpact *ofpacts; struct ofport_dpif *in_port; struct flow orig_flow; + struct xlate_ctx ctx; + size_t ofpacts_len; COVERAGE_INC(ofproto_dpif_xlate); - ofpbuf_clear(odp_actions); - ofpbuf_reserve(odp_actions, NL_A_U32_SIZE); - - ctx->odp_actions = odp_actions; - ctx->tags = 0; - ctx->slow = 0; - ctx->has_learn = false; - ctx->has_normal = false; - ctx->has_fin_timeout = false; - ctx->nf_output_iface = NF_OUT_DROP; - ctx->mirrors = 0; - ctx->recurse = 0; - ctx->max_resubmit_trigger = false; - ctx->orig_skb_priority = ctx->flow.skb_priority; - ctx->table_id = 0; - ctx->exit = false; - - ofpbuf_use_stub(&ctx->stack, ctx->init_stack, sizeof ctx->init_stack); - - if (ctx->ofproto->has_mirrors || hit_resubmit_limit) { + /* Flow initialization rules: + * - 'base_flow' must match the kernel's view of the packet at the + * time that action processing starts. 'flow' represents any + * transformations we wish to make through actions. + * - By default 'base_flow' and 'flow' are the same since the input + * packet matches the output before any actions are applied. + * - When using VLAN splinters, 'base_flow''s VLAN is set to the value + * of the received packet as seen by the kernel. If we later output + * to another device without any modifications this will cause us to + * insert a new tag since the original one was stripped off by the + * VLAN device. + * - Tunnel metadata as received is retained in 'flow'. This allows + * tunnel metadata matching also in later tables. + * Since a kernel action for setting the tunnel metadata will only be + * generated with actual tunnel output, changing the tunnel metadata + * values in 'flow' (such as tun_id) will only have effect with a later + * tunnel output action. + * - Tunnel 'base_flow' is completely cleared since that is what the + * kernel does. If we wish to maintain the original values an action + * needs to be generated. */ + + ctx.xin = xin; + ctx.xout = xout; + + ctx.ofproto = xin->ofproto; + ctx.rule = xin->rule; + + ctx.base_flow = ctx.xin->flow; + ctx.base_flow.vlan_tci = xin->initial_vals.vlan_tci; + memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel); + ctx.orig_tunnel_ip_dst = ctx.xin->flow.tunnel.ip_dst; + + ctx.xout->tags = 0; + ctx.xout->slow = 0; + ctx.xout->has_learn = false; + ctx.xout->has_normal = false; + ctx.xout->has_fin_timeout = false; + ctx.xout->nf_output_iface = NF_OUT_DROP; + ctx.xout->mirrors = 0; + + ofpbuf_use_stub(&ctx.xout->odp_actions, ctx.xout->odp_actions_stub, + sizeof ctx.xout->odp_actions_stub); + ofpbuf_reserve(&ctx.xout->odp_actions, NL_A_U32_SIZE); + + ctx.recurse = 0; + ctx.max_resubmit_trigger = false; + ctx.orig_skb_priority = ctx.xin->flow.skb_priority; + ctx.table_id = 0; + ctx.exit = false; + + if (xin->ofpacts) { + ofpacts = xin->ofpacts; + ofpacts_len = xin->ofpacts_len; + } else if (xin->rule) { + ofpacts = xin->rule->up.ofpacts; + ofpacts_len = xin->rule->up.ofpacts_len; + } else { + NOT_REACHED(); + } + + ofpbuf_use_stub(&ctx.stack, ctx.init_stack, sizeof ctx.init_stack); + + if (ctx.ofproto->has_mirrors || hit_resubmit_limit) { /* Do this conditionally because the copy is expensive enough that it * shows up in profiles. */ - orig_flow = ctx->flow; + orig_flow = ctx.xin->flow; } - if (ctx->flow.nw_frag & FLOW_NW_FRAG_ANY) { - switch (ctx->ofproto->up.frag_handling) { + if (ctx.xin->flow.nw_frag & FLOW_NW_FRAG_ANY) { + switch (ctx.ofproto->up.frag_handling) { case OFPC_FRAG_NORMAL: /* We must pretend that transport ports are unavailable. */ - ctx->flow.tp_src = ctx->base_flow.tp_src = htons(0); - ctx->flow.tp_dst = ctx->base_flow.tp_dst = htons(0); + ctx.xin->flow.tp_src = ctx.base_flow.tp_src = htons(0); + ctx.xin->flow.tp_dst = ctx.base_flow.tp_dst = htons(0); break; case OFPC_FRAG_DROP: @@ -6619,29 +6986,34 @@ xlate_actions(struct action_xlate_ctx *ctx, } } - in_port = get_ofp_port(ctx->ofproto, ctx->flow.in_port); - special = process_special(ctx->ofproto, &ctx->flow, in_port, ctx->packet); + in_port = get_ofp_port(ctx.ofproto, ctx.xin->flow.in_port); + special = process_special(ctx.ofproto, &ctx.xin->flow, in_port, + ctx.xin->packet); if (special) { - ctx->slow |= special; + ctx.xout->slow = special; } else { static struct vlog_rate_limit trace_rl = VLOG_RATE_LIMIT_INIT(1, 1); - ovs_be16 initial_tci = ctx->base_flow.vlan_tci; + struct initial_vals initial_vals; + size_t sample_actions_len; uint32_t local_odp_port; - add_sflow_action(ctx); + initial_vals.vlan_tci = ctx.base_flow.vlan_tci; - if (!in_port || may_receive(in_port, ctx)) { - do_xlate_actions(ofpacts, ofpacts_len, ctx); + add_sflow_action(&ctx); + add_ipfix_action(&ctx); + sample_actions_len = ctx.xout->odp_actions.size; + + if (tunnel_ecn_ok(&ctx) && (!in_port || may_receive(in_port, &ctx))) { + do_xlate_actions(ofpacts, ofpacts_len, &ctx); /* We've let OFPP_NORMAL and the learning action look at the * packet, so drop it now if forwarding is disabled. */ if (in_port && !stp_forward_in_state(in_port->stp_state)) { - ofpbuf_clear(ctx->odp_actions); - add_sflow_action(ctx); + ctx.xout->odp_actions.size = sample_actions_len; } } - if (ctx->max_resubmit_trigger && !ctx->resubmit_hook) { + if (ctx.max_resubmit_trigger && !ctx.xin->resubmit_hook) { if (!hit_resubmit_limit) { /* We didn't record the original flow. Make sure we do from * now on. */ @@ -6649,55 +7021,46 @@ xlate_actions(struct action_xlate_ctx *ctx, } else if (!VLOG_DROP_ERR(&trace_rl)) { struct ds ds = DS_EMPTY_INITIALIZER; - ofproto_trace(ctx->ofproto, &orig_flow, ctx->packet, - initial_tci, &ds); + ofproto_trace(ctx.ofproto, &orig_flow, ctx.xin->packet, + &initial_vals, &ds); VLOG_ERR("Trace triggered by excessive resubmit " "recursion:\n%s", ds_cstr(&ds)); ds_destroy(&ds); } } - local_odp_port = ofp_port_to_odp_port(ctx->ofproto, OFPP_LOCAL); - if (!connmgr_may_set_up_flow(ctx->ofproto->up.connmgr, &ctx->flow, - local_odp_port, - ctx->odp_actions->data, - ctx->odp_actions->size)) { - ctx->slow |= SLOW_IN_BAND; - if (ctx->packet - && connmgr_msg_in_hook(ctx->ofproto->up.connmgr, &ctx->flow, - ctx->packet)) { - compose_output_action(ctx, OFPP_LOCAL); - } + local_odp_port = ofp_port_to_odp_port(ctx.ofproto, OFPP_LOCAL); + if (!connmgr_must_output_local(ctx.ofproto->up.connmgr, &ctx.xin->flow, + local_odp_port, + ctx.xout->odp_actions.data, + ctx.xout->odp_actions.size)) { + compose_output_action(&ctx, OFPP_LOCAL); } - if (ctx->ofproto->has_mirrors) { - add_mirror_actions(ctx, &orig_flow); + if (ctx.ofproto->has_mirrors) { + add_mirror_actions(&ctx, &orig_flow); } - fix_sflow_action(ctx); + fix_sflow_action(&ctx); } - ofpbuf_uninit(&ctx->stack); + ofpbuf_uninit(&ctx.stack); } /* Translates the 'ofpacts_len' bytes of "struct ofpact"s starting at 'ofpacts' * into datapath actions, using 'ctx', and discards the datapath actions. */ static void -xlate_actions_for_side_effects(struct action_xlate_ctx *ctx, - const struct ofpact *ofpacts, - size_t ofpacts_len) +xlate_actions_for_side_effects(struct xlate_in *xin) { - uint64_t odp_actions_stub[1024 / 8]; - struct ofpbuf odp_actions; + struct xlate_out xout; - ofpbuf_use_stub(&odp_actions, odp_actions_stub, sizeof odp_actions_stub); - xlate_actions(ctx, ofpacts, ofpacts_len, &odp_actions); - ofpbuf_uninit(&odp_actions); + xlate_actions(xin, &xout); + xlate_out_uninit(&xout); } static void -xlate_report(struct action_xlate_ctx *ctx, const char *s) +xlate_report(struct xlate_ctx *ctx, const char *s) { - if (ctx->report_hook) { - ctx->report_hook(ctx, s); + if (ctx->xin->report_hook) { + ctx->xin->report_hook(ctx, s); } } @@ -6815,7 +7178,7 @@ output_vlan_to_vid(const struct ofbundle *out_bundle, uint16_t vlan) } static void -output_normal(struct action_xlate_ctx *ctx, const struct ofbundle *out_bundle, +output_normal(struct xlate_ctx *ctx, const struct ofbundle *out_bundle, uint16_t vlan) { struct ofport_dpif *port; @@ -6826,26 +7189,26 @@ output_normal(struct action_xlate_ctx *ctx, const struct ofbundle *out_bundle, if (!out_bundle->bond) { port = ofbundle_get_a_port(out_bundle); } else { - port = bond_choose_output_slave(out_bundle->bond, &ctx->flow, - vid, &ctx->tags); + port = bond_choose_output_slave(out_bundle->bond, &ctx->xin->flow, + vid, &ctx->xout->tags); if (!port) { /* No slaves enabled, so drop packet. */ return; } } - old_tci = ctx->flow.vlan_tci; + old_tci = ctx->xin->flow.vlan_tci; tci = htons(vid); if (tci || out_bundle->use_priority_tags) { - tci |= ctx->flow.vlan_tci & htons(VLAN_PCP_MASK); + tci |= ctx->xin->flow.vlan_tci & htons(VLAN_PCP_MASK); if (tci) { tci |= htons(VLAN_CFI); } } - ctx->flow.vlan_tci = tci; + ctx->xin->flow.vlan_tci = tci; compose_output_action(ctx, port->up.ofp_port); - ctx->flow.vlan_tci = old_tci; + ctx->xin->flow.vlan_tci = old_tci; } static int @@ -6883,7 +7246,7 @@ vlan_is_mirrored(const struct ofmirror *m, int vlan) } static void -add_mirror_actions(struct action_xlate_ctx *ctx, const struct flow *orig_flow) +add_mirror_actions(struct xlate_ctx *ctx, const struct flow *orig_flow) { struct ofproto_dpif *ofproto = ctx->ofproto; mirror_mask_t mirrors; @@ -6894,7 +7257,7 @@ add_mirror_actions(struct action_xlate_ctx *ctx, const struct flow *orig_flow) size_t left; in_bundle = lookup_input_bundle(ctx->ofproto, orig_flow->in_port, - ctx->packet != NULL, NULL); + ctx->xin->packet != NULL, NULL); if (!in_bundle) { return; } @@ -6902,7 +7265,7 @@ add_mirror_actions(struct action_xlate_ctx *ctx, const struct flow *orig_flow) /* Drop frames on bundles reserved for mirroring. */ if (in_bundle->mirror_out) { - if (ctx->packet != NULL) { + if (ctx->xin->packet != NULL) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " "%s, which is reserved exclusively for mirroring", @@ -6913,15 +7276,15 @@ add_mirror_actions(struct action_xlate_ctx *ctx, const struct flow *orig_flow) /* Check VLAN. */ vid = vlan_tci_to_vid(orig_flow->vlan_tci); - if (!input_vid_is_valid(vid, in_bundle, ctx->packet != NULL)) { + if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { return; } vlan = input_vid_to_vlan(in_bundle, vid); /* Look at the output ports to check for destination selections. */ - NL_ATTR_FOR_EACH (a, left, ctx->odp_actions->data, - ctx->odp_actions->size) { + NL_ATTR_FOR_EACH (a, left, ctx->xout->odp_actions.data, + ctx->xout->odp_actions.size) { enum ovs_action_attr type = nl_attr_type(a); struct ofport_dpif *ofport; @@ -6940,7 +7303,7 @@ add_mirror_actions(struct action_xlate_ctx *ctx, const struct flow *orig_flow) } /* Restore the original packet before adding the mirror actions. */ - ctx->flow = *orig_flow; + ctx->xin->flow = *orig_flow; while (mirrors) { struct ofmirror *m; @@ -6953,7 +7316,7 @@ add_mirror_actions(struct action_xlate_ctx *ctx, const struct flow *orig_flow) } mirrors &= ~m->dup_mirrors; - ctx->mirrors |= m->dup_mirrors; + ctx->xout->mirrors |= m->dup_mirrors; if (m->out) { output_normal(ctx, m->out, vlan); } else if (vlan != m->out_vlan @@ -7111,11 +7474,11 @@ lookup_input_bundle(const struct ofproto_dpif *ofproto, uint16_t in_port, * so in one special case. */ static bool -is_admissible(struct action_xlate_ctx *ctx, struct ofport_dpif *in_port, +is_admissible(struct xlate_ctx *ctx, struct ofport_dpif *in_port, uint16_t vlan) { struct ofproto_dpif *ofproto = ctx->ofproto; - struct flow *flow = &ctx->flow; + struct flow *flow = &ctx->xin->flow; struct ofbundle *in_bundle = in_port->bundle; /* Drop frames for reserved multicast addresses @@ -7129,7 +7492,7 @@ is_admissible(struct action_xlate_ctx *ctx, struct ofport_dpif *in_port, struct mac_entry *mac; switch (bond_check_admissibility(in_bundle->bond, in_port, - flow->dl_dst, &ctx->tags)) { + flow->dl_dst, &ctx->xout->tags)) { case BV_ACCEPT: break; @@ -7154,7 +7517,7 @@ is_admissible(struct action_xlate_ctx *ctx, struct ofport_dpif *in_port, } static void -xlate_normal(struct action_xlate_ctx *ctx) +xlate_normal(struct xlate_ctx *ctx) { struct ofport_dpif *in_port; struct ofbundle *in_bundle; @@ -7162,19 +7525,19 @@ xlate_normal(struct action_xlate_ctx *ctx) uint16_t vlan; uint16_t vid; - ctx->has_normal = true; + ctx->xout->has_normal = true; - in_bundle = lookup_input_bundle(ctx->ofproto, ctx->flow.in_port, - ctx->packet != NULL, &in_port); + in_bundle = lookup_input_bundle(ctx->ofproto, ctx->xin->flow.in_port, + ctx->xin->packet != NULL, &in_port); if (!in_bundle) { xlate_report(ctx, "no input bundle, dropping"); return; } /* Drop malformed frames. */ - if (ctx->flow.dl_type == htons(ETH_TYPE_VLAN) && - !(ctx->flow.vlan_tci & htons(VLAN_CFI))) { - if (ctx->packet != NULL) { + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_VLAN) && + !(ctx->xin->flow.vlan_tci & htons(VLAN_CFI))) { + if (ctx->xin->packet != NULL) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); VLOG_WARN_RL(&rl, "bridge %s: dropping packet with partial " "VLAN tag received on port %s", @@ -7186,7 +7549,7 @@ xlate_normal(struct action_xlate_ctx *ctx) /* Drop frames on bundles reserved for mirroring. */ if (in_bundle->mirror_out) { - if (ctx->packet != NULL) { + if (ctx->xin->packet != NULL) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " "%s, which is reserved exclusively for mirroring", @@ -7197,8 +7560,8 @@ xlate_normal(struct action_xlate_ctx *ctx) } /* Check VLAN. */ - vid = vlan_tci_to_vid(ctx->flow.vlan_tci); - if (!input_vid_is_valid(vid, in_bundle, ctx->packet != NULL)) { + vid = vlan_tci_to_vid(ctx->xin->flow.vlan_tci); + if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { xlate_report(ctx, "disallowed VLAN VID for this input port, dropping"); return; } @@ -7210,13 +7573,13 @@ xlate_normal(struct action_xlate_ctx *ctx) } /* Learn source MAC. */ - if (ctx->may_learn) { - update_learning_table(ctx->ofproto, &ctx->flow, vlan, in_bundle); + if (ctx->xin->may_learn) { + update_learning_table(ctx->ofproto, &ctx->xin->flow, vlan, in_bundle); } /* Determine output bundle. */ - mac = mac_learning_lookup(ctx->ofproto->ml, ctx->flow.dl_dst, vlan, - &ctx->tags); + mac = mac_learning_lookup(ctx->ofproto->ml, ctx->xin->flow.dl_dst, vlan, + &ctx->xout->tags); if (mac) { if (mac->port.p != in_bundle) { xlate_report(ctx, "forwarding to learned port"); @@ -7236,7 +7599,7 @@ xlate_normal(struct action_xlate_ctx *ctx) output_normal(ctx, bundle, vlan); } } - ctx->nf_output_iface = NF_OUT_FLOOD; + ctx->xout->nf_output_iface = NF_OUT_FLOOD; } } @@ -7372,14 +7735,13 @@ packet_out(struct ofproto *ofproto_, struct ofpbuf *packet, const struct ofpact *ofpacts, size_t ofpacts_len) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); + struct initial_vals initial_vals; struct odputil_keybuf keybuf; struct dpif_flow_stats stats; - + struct xlate_out xout; + struct xlate_in xin; struct ofpbuf key; - struct action_xlate_ctx ctx; - uint64_t odp_actions_stub[1024 / 8]; - struct ofpbuf odp_actions; ofpbuf_use_stack(&key, &keybuf, sizeof keybuf); odp_flow_key_from_flow(&key, flow, @@ -7387,16 +7749,17 @@ packet_out(struct ofproto *ofproto_, struct ofpbuf *packet, dpif_flow_stats_extract(flow, packet, time_msec(), &stats); - action_xlate_ctx_init(&ctx, ofproto, flow, flow->vlan_tci, NULL, - packet_get_tcp_flags(packet, flow), packet); - ctx.resubmit_stats = &stats; + initial_vals.vlan_tci = flow->vlan_tci; + xlate_in_init(&xin, ofproto, flow, &initial_vals, NULL, stats.tcp_flags, + packet); + xin.resubmit_stats = &stats; + xin.ofpacts_len = ofpacts_len; + xin.ofpacts = ofpacts; - ofpbuf_use_stub(&odp_actions, - odp_actions_stub, sizeof odp_actions_stub); - xlate_actions(&ctx, ofpacts, ofpacts_len, &odp_actions); + xlate_actions(&xin, &xout); dpif_execute(ofproto->backer->dpif, key.data, key.size, - odp_actions.data, odp_actions.size, packet); - ofpbuf_uninit(&odp_actions); + xout.odp_actions.data, xout.odp_actions.size, packet); + xlate_out_uninit(&xout); return 0; } @@ -7442,7 +7805,7 @@ send_active_timeout(struct ofproto_dpif *ofproto, struct facet *facet) if (subfacet->path == SF_FAST_PATH) { struct dpif_flow_stats stats; - subfacet_reinstall(subfacet, &stats); + subfacet_install(subfacet, &facet->xout.odp_actions, &stats); subfacet_update_stats(subfacet, &stats); } } @@ -7528,7 +7891,8 @@ ofproto_unixctl_fdb_show(struct unixctl_conn *conn, int argc OVS_UNUSED, } struct trace_ctx { - struct action_xlate_ctx ctx; + struct xlate_out xout; + struct xlate_in xin; struct flow flow; struct ds *result; }; @@ -7556,15 +7920,15 @@ trace_format_rule(struct ds *result, uint8_t table_id, int level, static void trace_format_flow(struct ds *result, int level, const char *title, - struct trace_ctx *trace) + struct trace_ctx *trace) { ds_put_char_multiple(result, '\t', level); ds_put_format(result, "%s: ", title); - if (flow_equal(&trace->ctx.flow, &trace->flow)) { + if (flow_equal(&trace->xin.flow, &trace->flow)) { ds_put_cstr(result, "unchanged"); } else { - flow_format(result, &trace->ctx.flow); - trace->flow = trace->ctx.flow; + flow_format(result, &trace->xin.flow); + trace->flow = trace->xin.flow; } ds_put_char(result, '\n'); } @@ -7587,7 +7951,7 @@ static void trace_format_odp(struct ds *result, int level, const char *title, struct trace_ctx *trace) { - struct ofpbuf *odp_actions = trace->ctx.odp_actions; + struct ofpbuf *odp_actions = &trace->xout.odp_actions; ds_put_char_multiple(result, '\t', level); ds_put_format(result, "%s: ", title); @@ -7596,9 +7960,9 @@ trace_format_odp(struct ds *result, int level, const char *title, } static void -trace_resubmit(struct action_xlate_ctx *ctx, struct rule_dpif *rule) +trace_resubmit(struct xlate_ctx *ctx, struct rule_dpif *rule) { - struct trace_ctx *trace = CONTAINER_OF(ctx, struct trace_ctx, ctx); + struct trace_ctx *trace = CONTAINER_OF(ctx->xin, struct trace_ctx, xin); struct ds *result = trace->result; ds_put_char(result, '\n'); @@ -7609,9 +7973,9 @@ trace_resubmit(struct action_xlate_ctx *ctx, struct rule_dpif *rule) } static void -trace_report(struct action_xlate_ctx *ctx, const char *s) +trace_report(struct xlate_ctx *ctx, const char *s) { - struct trace_ctx *trace = CONTAINER_OF(ctx, struct trace_ctx, ctx); + struct trace_ctx *trace = CONTAINER_OF(ctx->xin, struct trace_ctx, xin); struct ds *result = trace->result; ds_put_char_multiple(result, '\t', ctx->recurse); @@ -7623,112 +7987,113 @@ static void ofproto_unixctl_trace(struct unixctl_conn *conn, int argc, const char *argv[], void *aux OVS_UNUSED) { - const char *dpname = argv[1]; + const struct dpif_backer *backer; struct ofproto_dpif *ofproto; struct ofpbuf odp_key; struct ofpbuf *packet; - ovs_be16 initial_tci; + struct initial_vals initial_vals; struct ds result; struct flow flow; char *s; packet = NULL; - ofpbuf_init(&odp_key, 0); + backer = NULL; ds_init(&result); + ofpbuf_init(&odp_key, 0); - ofproto = ofproto_dpif_lookup(dpname); - if (!ofproto) { - unixctl_command_reply_error(conn, "Unknown ofproto (use ofproto/list " - "for help)"); - goto exit; + /* Handle "-generate" or a hex string as the last argument. */ + if (!strcmp(argv[argc - 1], "-generate")) { + packet = ofpbuf_new(0); + argc--; + } else { + const char *error = eth_from_hex(argv[argc - 1], &packet); + if (!error) { + argc--; + } else if (argc == 4) { + /* The 3-argument form must end in "-generate' or a hex string. */ + unixctl_command_reply_error(conn, error); + goto exit; + } } - if (argc == 3 || (argc == 4 && !strcmp(argv[3], "-generate"))) { - /* ofproto/trace dpname flow [-generate] */ - const char *flow_s = argv[2]; - const char *generate_s = argv[3]; - /* Allow 'flow_s' to be either a datapath flow or an OpenFlow-like - * flow. We guess which type it is based on whether 'flow_s' contains - * an '(', since a datapath flow always contains '(') but an - * OpenFlow-like flow should not (in fact it's allowed but I believe - * that's not documented anywhere). - * - * An alternative would be to try to parse 'flow_s' both ways, but then - * it would be tricky giving a sensible error message. After all, do - * you just say "syntax error" or do you present both error messages? - * Both choices seem lousy. */ - if (strchr(flow_s, '(')) { - int error; - - /* Convert string to datapath key. */ - ofpbuf_init(&odp_key, 0); - error = odp_flow_key_from_string(flow_s, NULL, &odp_key); - if (error) { - unixctl_command_reply_error(conn, "Bad flow syntax"); - goto exit; + /* Parse the flow and determine whether a datapath or + * bridge is specified. If function odp_flow_key_from_string() + * returns 0, the flow is a odp_flow. If function + * parse_ofp_exact_flow() returns 0, the flow is a br_flow. */ + if (!odp_flow_key_from_string(argv[argc - 1], NULL, &odp_key)) { + /* If the odp_flow is the second argument, + * the datapath name is the first argument. */ + if (argc == 3) { + const char *dp_type; + if (!strncmp(argv[1], "ovs-", 4)) { + dp_type = argv[1] + 4; + } else { + dp_type = argv[1]; } - - /* XXX: Since we allow the user to specify an ofproto, it's - * possible they will specify a different ofproto than the one the - * port actually belongs too. Ideally we should simply remove the - * ability to specify the ofproto. */ - if (ofproto_receive(ofproto->backer, NULL, odp_key.data, - odp_key.size, &flow, NULL, NULL, NULL, - &initial_tci)) { - unixctl_command_reply_error(conn, "Invalid flow"); + backer = shash_find_data(&all_dpif_backers, dp_type); + if (!backer) { + unixctl_command_reply_error(conn, "Cannot find datapath " + "of this name"); goto exit; } } else { - char *error_s; - - error_s = parse_ofp_exact_flow(&flow, argv[2]); - if (error_s) { - unixctl_command_reply_error(conn, error_s); - free(error_s); + /* No datapath name specified, so there should be only one + * datapath. */ + struct shash_node *node; + if (shash_count(&all_dpif_backers) != 1) { + unixctl_command_reply_error(conn, "Must specify datapath " + "name, there is more than one type of datapath"); goto exit; } - - initial_tci = flow.vlan_tci; + node = shash_first(&all_dpif_backers); + backer = node->data; } - /* Generate a packet, if requested. */ - if (generate_s) { - packet = ofpbuf_new(0); - flow_compose(packet, &flow); + /* Extract the ofproto_dpif object from the ofproto_receive() + * function. */ + if (ofproto_receive(backer, NULL, odp_key.data, + odp_key.size, &flow, NULL, &ofproto, NULL, + &initial_vals)) { + unixctl_command_reply_error(conn, "Invalid datapath flow"); + goto exit; } - } else if (argc == 7) { - /* ofproto/trace dpname priority tun_id in_port mark packet */ - const char *priority_s = argv[2]; - const char *tun_id_s = argv[3]; - const char *in_port_s = argv[4]; - const char *mark_s = argv[5]; - const char *packet_s = argv[6]; - uint32_t in_port = atoi(in_port_s); - ovs_be64 tun_id = htonll(strtoull(tun_id_s, NULL, 0)); - uint32_t priority = atoi(priority_s); - uint32_t mark = atoi(mark_s); - const char *msg; - - msg = eth_from_hex(packet_s, &packet); - if (msg) { - unixctl_command_reply_error(conn, msg); + ds_put_format(&result, "Bridge: %s\n", ofproto->up.name); + } else if (!parse_ofp_exact_flow(&flow, argv[argc - 1])) { + if (argc != 3) { + unixctl_command_reply_error(conn, "Must specify bridge name"); goto exit; } - ds_put_cstr(&result, "Packet: "); - s = ofp_packet_to_string(packet->data, packet->size); - ds_put_cstr(&result, s); - free(s); - - flow_extract(packet, priority, mark, NULL, in_port, &flow); - flow.tunnel.tun_id = tun_id; - initial_tci = flow.vlan_tci; + ofproto = ofproto_dpif_lookup(argv[1]); + if (!ofproto) { + unixctl_command_reply_error(conn, "Unknown bridge name"); + goto exit; + } + initial_vals.vlan_tci = flow.vlan_tci; } else { - unixctl_command_reply_error(conn, "Bad command syntax"); + unixctl_command_reply_error(conn, "Bad flow syntax"); goto exit; } - ofproto_trace(ofproto, &flow, packet, initial_tci, &result); + /* Generate a packet, if requested. */ + if (packet) { + if (!packet->size) { + flow_compose(packet, &flow); + } else { + ds_put_cstr(&result, "Packet: "); + s = ofp_packet_to_string(packet->data, packet->size); + ds_put_cstr(&result, s); + free(s); + + /* Use the metadata from the flow and the packet argument + * to reconstruct the flow. */ + flow_extract(packet, flow.skb_priority, flow.skb_mark, NULL, + flow.in_port, &flow); + initial_vals.vlan_tci = flow.vlan_tci; + } + } + + ofproto_trace(ofproto, &flow, packet, &initial_vals, &result); unixctl_command_reply(conn, ds_cstr(&result)); exit: @@ -7739,8 +8104,8 @@ exit: static void ofproto_trace(struct ofproto_dpif *ofproto, const struct flow *flow, - const struct ofpbuf *packet, ovs_be16 initial_tci, - struct ds *ds) + const struct ofpbuf *packet, + const struct initial_vals *initial_vals, struct ds *ds) { struct rule_dpif *rule; @@ -7770,64 +8135,44 @@ ofproto_trace(struct ofproto_dpif *ofproto, const struct flow *flow, trace.flow = *flow; ofpbuf_use_stub(&odp_actions, odp_actions_stub, sizeof odp_actions_stub); - action_xlate_ctx_init(&trace.ctx, ofproto, flow, initial_tci, - rule, tcp_flags, packet); - trace.ctx.resubmit_hook = trace_resubmit; - trace.ctx.report_hook = trace_report; - xlate_actions(&trace.ctx, rule->up.ofpacts, rule->up.ofpacts_len, - &odp_actions); + xlate_in_init(&trace.xin, ofproto, flow, initial_vals, rule, tcp_flags, + packet); + trace.xin.resubmit_hook = trace_resubmit; + trace.xin.report_hook = trace_report; + xlate_actions(&trace.xin, &trace.xout); ds_put_char(ds, '\n'); trace_format_flow(ds, 0, "Final flow", &trace); ds_put_cstr(ds, "Datapath actions: "); - format_odp_actions(ds, odp_actions.data, odp_actions.size); - ofpbuf_uninit(&odp_actions); - - if (trace.ctx.slow) { - enum slow_path_reason slow; + format_odp_actions(ds, trace.xout.odp_actions.data, + trace.xout.odp_actions.size); + if (trace.xout.slow) { ds_put_cstr(ds, "\nThis flow is handled by the userspace " "slow path because it:"); - for (slow = trace.ctx.slow; slow; ) { - enum slow_path_reason bit = rightmost_1bit(slow); - - switch (bit) { - case SLOW_CFM: - ds_put_cstr(ds, "\n\t- Consists of CFM packets."); - break; - case SLOW_LACP: - ds_put_cstr(ds, "\n\t- Consists of LACP packets."); - break; - case SLOW_STP: - ds_put_cstr(ds, "\n\t- Consists of STP packets."); - break; - case SLOW_IN_BAND: - ds_put_cstr(ds, "\n\t- Needs in-band special case " - "processing."); - if (!packet) { - ds_put_cstr(ds, "\n\t (The datapath actions are " - "incomplete--for complete actions, " - "please supply a packet.)"); - } - break; - case SLOW_CONTROLLER: - ds_put_cstr(ds, "\n\t- Sends \"packet-in\" messages " - "to the OpenFlow controller."); - break; - case SLOW_MATCH: - ds_put_cstr(ds, "\n\t- Needs more specific matching " - "than the datapath supports."); - break; - } - - slow &= ~bit; - } - - if (slow & ~SLOW_MATCH) { - ds_put_cstr(ds, "\nThe datapath actions above do not reflect " - "the special slow-path processing."); + switch (trace.xout.slow) { + case SLOW_CFM: + ds_put_cstr(ds, "\n\t- Consists of CFM packets."); + break; + case SLOW_LACP: + ds_put_cstr(ds, "\n\t- Consists of LACP packets."); + break; + case SLOW_STP: + ds_put_cstr(ds, "\n\t- Consists of STP packets."); + break; + case SLOW_BFD: + ds_put_cstr(ds, "\n\t- Consists of BFD packets."); + break; + case SLOW_CONTROLLER: + ds_put_cstr(ds, "\n\t- Sends \"packet-in\" messages " + "to the OpenFlow controller."); + break; + case __SLOW_MAX: + NOT_REACHED(); } } + + xlate_out_uninit(&trace.xout); } } @@ -7941,21 +8286,42 @@ ofproto_unixctl_dpif_dump_dps(struct unixctl_conn *conn, int argc OVS_UNUSED, static void show_dp_format(const struct ofproto_dpif *ofproto, struct ds *ds) { - struct dpif_dp_stats s; const struct shash_node **ports; int i; + struct avg_subfacet_rates lifetime; + unsigned long long int minutes; + const int min_ms = 60 * 1000; /* milliseconds in one minute. */ - dpif_get_dp_stats(ofproto->backer->dpif, &s); + minutes = (time_msec() - ofproto->created) / min_ms; + + if (minutes > 0) { + lifetime.add_rate = (double)ofproto->total_subfacet_add_count + / minutes; + lifetime.del_rate = (double)ofproto->total_subfacet_del_count + / minutes; + }else { + lifetime.add_rate = 0.0; + lifetime.del_rate = 0.0; + } ds_put_format(ds, "%s (%s):\n", ofproto->up.name, dpif_name(ofproto->backer->dpif)); - /* xxx It would be better to show bridge-specific stats instead - * xxx of dp ones. */ ds_put_format(ds, - "\tlookups: hit:%"PRIu64" missed:%"PRIu64" lost:%"PRIu64"\n", - s.n_hit, s.n_missed, s.n_lost); - ds_put_format(ds, "\tflows: %zu\n", - hmap_count(&ofproto->subfacets)); + "\tlookups: hit:%"PRIu64" missed:%"PRIu64"\n", + ofproto->n_hit, ofproto->n_missed); + ds_put_format(ds, "\tflows: cur: %zu, avg: %5.3f, max: %d," + " life span: %llu(ms)\n", + hmap_count(&ofproto->subfacets), + avg_subfacet_count(ofproto), + ofproto->max_n_subfacet, + avg_subfacet_life_span(ofproto)); + if (minutes >= 60) { + show_dp_rates(ds, "\t\thourly avg:", &ofproto->hourly); + } + if (minutes >= 60 * 24) { + show_dp_rates(ds, "\t\tdaily avg:", &ofproto->daily); + } + show_dp_rates(ds, "\t\toverall avg:", &lifetime); ports = shash_sort(&ofproto->up.port_by_name); for (i = 0; i < shash_count(&ofproto->up.port_by_name); i++) { @@ -8066,6 +8432,8 @@ ofproto_unixctl_dpif_dump_flows(struct unixctl_conn *conn, update_stats(ofproto->backer); HMAP_FOR_EACH (subfacet, hmap_node, &ofproto->subfacets) { + struct facet *facet = subfacet->facet; + odp_flow_key_format(subfacet->key, subfacet->key_len, &ds); ds_put_format(&ds, ", packets:%"PRIu64", bytes:%"PRIu64", used:", @@ -8082,7 +8450,19 @@ ofproto_unixctl_dpif_dump_flows(struct unixctl_conn *conn, } ds_put_cstr(&ds, ", actions:"); - format_odp_actions(&ds, subfacet->actions, subfacet->actions_len); + if (facet->xout.slow) { + uint64_t slow_path_stub[128 / 8]; + const struct nlattr *actions; + size_t actions_len; + + compose_slow_path(ofproto, &facet->flow, facet->xout.slow, + slow_path_stub, sizeof slow_path_stub, + &actions, &actions_len); + format_odp_actions(&ds, actions, actions_len); + } else { + format_odp_actions(&ds, facet->xout.odp_actions.data, + facet->xout.odp_actions.size); + } ds_put_char(&ds, '\n'); } @@ -8121,8 +8501,8 @@ ofproto_dpif_unixctl_init(void) unixctl_command_register( "ofproto/trace", - "bridge {priority tun_id in_port mark packet | odp_flow [-generate]}", - 2, 6, ofproto_unixctl_trace, NULL); + "[dp_name]|bridge odp_flow|br_flow [-generate|packet]", + 1, 3, ofproto_unixctl_trace, NULL); unixctl_command_register("fdb/flush", "[bridge]", 0, 1, ofproto_unixctl_fdb_flush, NULL); unixctl_command_register("fdb/show", "bridge", 1, 1, @@ -8188,33 +8568,31 @@ hash_realdev_vid(uint16_t realdev_ofp_port, int vid) return hash_2words(realdev_ofp_port, vid); } -/* Returns the ODP port number of the Linux VLAN device that corresponds to - * 'vlan_tci' on the network device with port number 'realdev_odp_port' in - * 'ofproto'. For example, given 'realdev_odp_port' of eth0 and 'vlan_tci' 9, - * it would return the port number of eth0.9. +/* Returns the OFP port number of the Linux VLAN device that corresponds to + * 'vlan_tci' on the network device with port number 'realdev_ofp_port' in + * 'struct ofport_dpif'. For example, given 'realdev_ofp_port' of eth0 and + * 'vlan_tci' 9, it would return the port number of eth0.9. * - * Unless VLAN splinters are enabled for port 'realdev_odp_port', this - * function just returns its 'realdev_odp_port' argument. */ -static uint32_t + * Unless VLAN splinters are enabled for port 'realdev_ofp_port', this + * function just returns its 'realdev_ofp_port' argument. */ +static uint16_t vsp_realdev_to_vlandev(const struct ofproto_dpif *ofproto, - uint32_t realdev_odp_port, ovs_be16 vlan_tci) + uint16_t realdev_ofp_port, ovs_be16 vlan_tci) { if (!hmap_is_empty(&ofproto->realdev_vid_map)) { - uint16_t realdev_ofp_port; int vid = vlan_tci_to_vid(vlan_tci); const struct vlan_splinter *vsp; - realdev_ofp_port = odp_port_to_ofp_port(ofproto, realdev_odp_port); HMAP_FOR_EACH_WITH_HASH (vsp, realdev_vid_node, hash_realdev_vid(realdev_ofp_port, vid), &ofproto->realdev_vid_map) { if (vsp->realdev_ofp_port == realdev_ofp_port && vsp->vid == vid) { - return ofp_port_to_odp_port(ofproto, vsp->vlandev_ofp_port); + return vsp->vlandev_ofp_port; } } } - return realdev_odp_port; + return realdev_ofp_port; } static struct vlan_splinter * @@ -8361,6 +8739,79 @@ odp_port_to_ofp_port(const struct ofproto_dpif *ofproto, uint32_t odp_port) return OFPP_NONE; } } +static unsigned long long int +avg_subfacet_life_span(const struct ofproto_dpif *ofproto) +{ + unsigned long long int dc; + unsigned long long int avg; + + dc = ofproto->total_subfacet_del_count + ofproto->subfacet_del_count; + avg = dc ? ofproto->total_subfacet_life_span / dc : 0; + + return avg; +} + +static double +avg_subfacet_count(const struct ofproto_dpif *ofproto) +{ + double avg_c = 0.0; + + if (ofproto->n_update_stats) { + avg_c = (double)ofproto->total_subfacet_count + / ofproto->n_update_stats; + } + + return avg_c; +} + +static void +show_dp_rates(struct ds *ds, const char *heading, + const struct avg_subfacet_rates *rates) +{ + ds_put_format(ds, "%s add rate: %5.3f/min, del rate: %5.3f/min\n", + heading, rates->add_rate, rates->del_rate); +} + +static void +update_max_subfacet_count(struct ofproto_dpif *ofproto) +{ + ofproto->max_n_subfacet = MAX(ofproto->max_n_subfacet, + hmap_count(&ofproto->subfacets)); +} + +/* Compute exponentially weighted moving average, adding 'new' as the newest, + * most heavily weighted element. 'base' designates the rate of decay: after + * 'base' further updates, 'new''s weight in the EWMA decays to about 1/e + * (about .37). */ +static void +exp_mavg(double *avg, int base, double new) +{ + *avg = (*avg * (base - 1) + new) / base; +} + +static void +update_moving_averages(struct ofproto_dpif *ofproto) +{ + const int min_ms = 60 * 1000; /* milliseconds in one minute. */ + + /* Update hourly averages on the minute boundaries. */ + if (time_msec() - ofproto->last_minute >= min_ms) { + exp_mavg(&ofproto->hourly.add_rate, 60, ofproto->subfacet_add_count); + exp_mavg(&ofproto->hourly.del_rate, 60, ofproto->subfacet_del_count); + + /* Update daily averages on the hour boundaries. */ + if ((ofproto->last_minute - ofproto->created) / min_ms % 60 == 59) { + exp_mavg(&ofproto->daily.add_rate, 24, ofproto->hourly.add_rate); + exp_mavg(&ofproto->daily.del_rate, 24, ofproto->hourly.del_rate); + } + + ofproto->total_subfacet_add_count += ofproto->subfacet_add_count; + ofproto->total_subfacet_del_count += ofproto->subfacet_del_count; + ofproto->subfacet_add_count = 0; + ofproto->subfacet_del_count = 0; + ofproto->last_minute += min_ms; + } +} const struct ofproto_class ofproto_dpif_class = { init, @@ -8411,8 +8862,11 @@ const struct ofproto_class ofproto_dpif_class = { set_netflow, get_netflow_ids, set_sflow, + set_ipfix, set_cfm, get_cfm_status, + set_bfd, + get_bfd_status, set_stp, get_stp_status, set_stp_port,